projects
/
pspp
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
aa699d5
)
ods-reader: Fix write beyond end of buffer.
20120316030503/pspp
author
Ben Pfaff
<blp@cs.stanford.edu>
Thu, 15 Mar 2012 05:05:54 +0000
(22:05 -0700)
committer
Ben Pfaff
<blp@cs.stanford.edu>
Thu, 15 Mar 2012 23:17:07 +0000
(16:17 -0700)
The compiler multiplies by sizeof *var_spec for us here, so doing
it ourselves writes past the end of the allocated space.
Tracked down with valgrind.
Reported-by: bojo42 <bojo42@gmail.com>
src/data/ods-reader.c
patch
|
blob
|
history
diff --git
a/src/data/ods-reader.c
b/src/data/ods-reader.c
index 122e98c76d90060da92d7e79bca19adcc2599ff0..aedea078dfc34d82242a3783aeaef8e86e03b76a 100644
(file)
--- a/
src/data/ods-reader.c
+++ b/
src/data/ods-reader.c
@@
-462,7
+462,7
@@
ods_open_reader (struct spreadsheet_read_info *gri, struct dictionary **dict)
var_spec = xrealloc (var_spec, sizeof (*var_spec) * (idx + 1));
/* xrealloc (unlike realloc) doesn't initialise its memory to 0 */
- memset (var_spec + n_var_specs
* sizeof (*var_spec)
,
+ memset (var_spec + n_var_specs,
0,
(n_var_specs - idx + 1) * sizeof (*var_spec));
n_var_specs = idx + 1;
projects / pspp / commitdiff