aboutsummaryrefslogtreecommitdiff
path: root/src/cmd/venti/srv/png.c
diff options
context:
space:
mode:
authorRay Lai <ray@raylai.com>2016-05-18 14:06:20 +0800
committerGleydson Soares <gsoares@gmail.com>2017-04-08 00:06:42 +0000
commit94b38bdb722052838eb0d940c05995b870db4ea0 (patch)
treecaa3e66b9f3395c55385c5e201ac5ad336b101ef /src/cmd/venti/srv/png.c
parent669713d43f8a014ba481265d4c58c3fe575527b4 (diff)
downloadplan9port-94b38bdb722052838eb0d940c05995b870db4ea0.tar.gz
plan9port-94b38bdb722052838eb0d940c05995b870db4ea0.tar.bz2
plan9port-94b38bdb722052838eb0d940c05995b870db4ea0.zip
libdraw: replace hand-rolled realloc, preventing buffer overflow.
The original buffer is f->nsubf*sizeof *subf bytes (oldsize) large. Once it's full, a new buffer of (f->nsubf+DSUBF)*sizeof *subf (newsize) is mallocated. Unfortunately memmove() reads (newsize) bytes from the original (oldsize) buffer, causing a buffer overflow. By switching to realloc(), we don't need to do buffer size calculation, memmoving, and freeing of the original buffer. Change-Id: Ibf85bc06abe1c8275b11acb1d7d346a14291d2cd Reviewed-on: https://plan9port-review.googlesource.com/1520 Reviewed-by: Gleydson Soares <gsoares@gmail.com>
Diffstat (limited to 'src/cmd/venti/srv/png.c')
0 files changed, 0 insertions, 0 deletions