author | Jan Stancek <jstancek@redhat.com> | 2013-03-21 16:08:26 +0100 |
---|---|---|
committer | Wanlong Gao <gaowanlong@cn.fujitsu.com> | 2013-03-22 10:43:09 +0800 |
commit | f56e615d4b0b931a104c3daa0f4ed62a2c6a3e2c (patch) | |
tree | c5bd2a92aa2e942ccdc46c2c8aefee51c70ec051 /pan | |
parent | 575f9932699347440201d5ca6814cbe16cf35ac5 (diff) |
pan: fix potential overrun in tag_report

    char *cuts_info[5];
    ...
    while (tok_num < 5 &&
           (cuts_info[++tok_num] = strtok(NULL, "\t ")) != NULL) ;

While above can run for tok_num == 4, in which case:
    cuts_info[++tok_num] becomes cuts_info[5]
and that is outside of cuts_info array.

Signed-off-by: Jan Stancek <jstancek@redhat.com>
Signed-off-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
Diffstat (limited to 'pan')
-rw-r--r-- | pan/tag_report.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pan/tag_report.c b/pan/tag_report.c index 473bed1d1..61caabd56 100644 --- a/pan/tag_report.c +++ b/pan/tag_report.c @@ -425,7 +425,7 @@ SYM tags; int cuts_testcase(tag, keys) SYM tag, keys; { - char *cuts_info[5]; + char *cuts_info[6]; char key[KEYSIZE]; char *oldresult, *newresult, *worst_case(); int tok_num = 0; |
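Review bot: The new size in `char *cuts_info[6];` is only correct because of the `tok_num < 5` bound in the loop quoted in the commit message, and nothing in the code ties the two literals together. Because the loop stores through the pre-increment `cuts_info[++tok_num]`, the highest index written is one more than the largest tok_num that passes the test, so the array needs bound + 1 entries; a later edit to either number alone brings the out-of-bounds write back. Consider deriving the loop limit from the array itself (comparing tok_num + 1 against sizeof(cuts_info) / sizeof(cuts_info[0])) or sharing one named constant, with a short comment at the declaration. The commit message could also state why the array was grown instead of tightening the test to `tok_num < 4`, since the two fixes differ in how many tokens the loop accepts.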