From ce53d8ec8550965084304e975a0636b40d7e64a7 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Jos=C3=A9=20Bollo?= Date: Thu, 4 Apr 2019 15:28:03 +0200 Subject: [PATCH] afb-export: Fix heap corruption MIME-Version: 1.0 Content-Type: text/plain; charset=utf8 Content-Transfer-Encoding: 8bit The allocated size wasn't correct when 'path' was used. The effect be unseen depending on size and alignment of heap chunks. Change-Id: Id9f85a0078028319491b51bc3e11cd51e4bc3755 Signed-off-by: José Bollo --- src/afb-export.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/afb-export.c b/src/afb-export.c index b46e6a08..2c6522f0 100644 --- a/src/afb-export.c +++ b/src/afb-export.c @@ -1372,7 +1372,7 @@ static struct afb_export *create( return NULL; } lenapi = strlen(apiname); - export = calloc(1, sizeof *export + 1 + lenapi + (path == apiname || !path ? 0 : strlen(path))); + export = calloc(1, sizeof *export + 1 + lenapi + (path == apiname || !path ? 0 : 1 + strlen(path))); if (!export) errno = ENOMEM; else { -- 2.16.6