From 33e610616a2b48f9a7eb56c4ebb0325b66df0376 Mon Sep 17 00:00:00 2001
From: Ben Pfaff
Date: Fri, 9 Apr 2010 21:45:50 -0700
Subject: [PATCH] dictionary: Fix potential access beyond allocated memory.

This code replaces the dictionary's "var" array by another one, so it must either update "var_cap" to the allocated size or allocate "var_cap" (not "var_cnt") elements. I chose the latter fix.
---
 src/data/dictionary.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/data/dictionary.c b/src/data/dictionary.c
index 43df1eb0e6..f69d91e360 100644
--- a/src/data/dictionary.c
+++ b/src/data/dictionary.c
@@ -683,7 +683,7 @@ dict_reorder_vars (struct dictionary *d,
 assert (count == 0 || order != NULL);
 assert (count <= d->var_cnt);
- new_var = xnmalloc (d->var_cnt, sizeof *new_var);
+ new_var = xnmalloc (d->var_cap, sizeof *new_var);
 memcpy (new_var, order, count * sizeof *new_var);
 for (i = 0; i < count; i++)
 {
--
2.30.2
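Review bot: The new allocation `new_var = xnmalloc (d->var_cap, sizeof *new_var);` has no comment recording why the capacity rather than the count is the correct size, so a later cleanup could plausibly shrink it back to `var_cnt` and reintroduce the out-of-bounds write this commit fixes. I would add `/* Must hold var_cap elements: new_var replaces d->var and var_cap is not updated. */` directly above that line. The code that installs `new_var` into the dictionary lies outside the hunk (dict_reorder_vars begins and ends beyond it), so the invariant is taken from the commit message rather than from visible lines. If the function does not already check it elsewhere, `assert (d->var_cnt <= d->var_cap);` next to the existing asserts would make the assumption explicit in debug builds.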