Re: jobserver_fds->list buffer overflow


From: Paul Smith
Subject: Re: jobserver_fds->list buffer overflow
Date: Mon, 08 Jan 2007 23:48:16 -0500

On Mon, 2007-01-08 at 22:26 -0500, Ken Takusagawa wrote:
> In main.c we have
> 
>       jobserver_fds->list[0] = xmalloc ((sizeof ("1024")*2)+1);
> 
>       sprintf (jobserver_fds->list[0], "%d,%d", job_fds[0], job_fds[1]);
> 
> Shouldn't xmalloc get a "+2" instead of "+1"?  1 for the comma, and
> one for the null terminator?

sizeof("1024") is 5 (the sizeof() a constant string includes the \0
terminator).  I'm not sure why we add one, to be honest.  Just being
extra safe I guess.

-- 
-------------------------------------------------------------------------------
 Paul D. Smith <address@hidden>          Find some GNU make tips at:
 http://www.gnu.org                      http://make.paulandlesley.org
 "Please remain calm...I may be mad, but I am a professional." --Mad Scientist
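
The size arithmetic discussed in this thread, worked through as an added example (not code from GNU make or from either poster). The names JOBSERVER_BUF_SIZE, fds_bytes_needed and format_fds_fixed are hypothetical, and the descriptor values are constructed; it measures what "%d,%d" needs against the 11 bytes the quoted xmalloc call requests, and shows a bounded variant that reports a value that would not fit instead of writing past the buffer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size requested in the quoted line: sizeof("1024") is 5 (4 digits + NUL),
   so (5 * 2) + 1 = 11 bytes. */
#define JOBSERVER_BUF_SIZE ((sizeof ("1024") * 2) + 1)

/* Bytes needed to hold "%d,%d" for these descriptors, including the NUL.
   snprintf with a zero-size buffer only measures (C99). */
static size_t fds_bytes_needed(int rfd, int wfd)
{
    int n = snprintf(NULL, 0, "%d,%d", rfd, wfd);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded version of the sprintf call: returns a heap string, or NULL when
   the formatted text would not fit in JOBSERVER_BUF_SIZE bytes. */
static char *format_fds_fixed(int rfd, int wfd)
{
    char *buf = malloc(JOBSERVER_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    int n = snprintf(buf, JOBSERVER_BUF_SIZE, "%d,%d", rfd, wfd);
    if (n < 0 || (size_t)n >= JOBSERVER_BUF_SIZE) {
        free(buf);              /* would have been truncated: refuse */
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed descriptor pairs: small, 4-digit, mixed, and 5-digit. */
    int samples[][2] = { {3, 4}, {1024, 1024}, {99999, 9999}, {99999, 99999} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char *s = format_fds_fixed(samples[i][0], samples[i][1]);
        printf("%d,%d: needs %zu of %zu bytes -> %s\n",
               samples[i][0], samples[i][1],
               fds_bytes_needed(samples[i][0], samples[i][1]),
               (size_t)JOBSERVER_BUF_SIZE, s ? s : "(does not fit)");
        free(s);
    }
    return 0;
}
```

Two 4-digit descriptors need 10 bytes (4 + comma + 4 + NUL), so the allocation has one byte to spare; only a pair of 5-digit values exceeds it.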