Bugfixes.
* mailbox/stream.c (mu_stream_readline): Account for terminating null (fixes buffer overrun). (mu_stream_getline): Fix reallocation condition.
Showing
1 changed file
with
2 additions
and
1 deletions
| ... | @@ -298,6 +298,7 @@ mu_stream_readline (mu_stream_t is, char *buf, size_t count, | ... | @@ -298,6 +298,7 @@ mu_stream_readline (mu_stream_t is, char *buf, size_t count, |
| 298 | size_t n, nr = 0; | 298 | size_t n, nr = 0; |
| 299 | char c; | 299 | char c; |
| 300 | /* Grossly inefficient hopefully they override this */ | 300 | /* Grossly inefficient hopefully they override this */ |
| 301 | count--; /* Leave space for the null. */ | ||
| 301 | for (n = 0; n < count; ) | 302 | for (n = 0; n < count; ) |
| 302 | { | 303 | { |
| 303 | status = is->_read (is, &c, 1, offset, &nr); | 304 | status = is->_read (is, &c, 1, offset, &nr); |
| ... | @@ -419,7 +420,7 @@ mu_stream_getline (mu_stream_t is, char **pbuf, size_t *pbufsize, | ... | @@ -419,7 +420,7 @@ mu_stream_getline (mu_stream_t is, char **pbuf, size_t *pbufsize, |
| 419 | size_t nread; | 420 | size_t nread; |
| 420 | int rc; | 421 | int rc; |
| 421 | 422 | ||
| 422 | if (off + 1 == bufsize) | 423 | if (off == bufsize) |
| 423 | { | 424 | { |
| 424 | char *p; | 425 | char *p; |
| 425 | p = realloc (buf, bufsize + DELTA); | 426 | p = realloc (buf, bufsize + DELTA); | ... | ... |
-
Please register or sign in to post a comment