mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-03-31 16:00:35 +08:00
Code Issues Packages Projects Releases Wiki Activity

Prevent an off-by-one in a allocated buffer in glob_match_url() - detected by

Browse Source 
coverity.com
This commit is contained in:
Daniel Stenberg 2008-10-13 21:39:12 +00:00
parent 18be9882f7
commit 6c2167b65f
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/urlglob.c
View File

@ -496,7 +496,8 @@ char *glob_match_url(char *filename, URLGlob *glob)
* be longer than the URL we use. We allocate a good start size, then
* we need to realloc in case of need.
*/
allocsize=strlen(filename);
allocsize=strlen(filename)+1; /* make it at least one byte to store the
trailing zero */
target = malloc(allocsize);
if(NULL == target)
return NULL; /* major failure */
@ -548,7 +549,9 @@ char *glob_match_url(char *filename, URLGlob *glob)
}
if(appendlen + stringlen >= allocsize) {
char *newstr;
allocsize = (appendlen + stringlen)*2;
/* we append a single byte to allow for the trailing byte to be appended
at the end of this function outside the while() loop */
allocsize = (appendlen + stringlen)*2 + 1;
newstr=realloc(target, allocsize);
if(NULL ==newstr) {
free(target);