ref: 81ad1507f8be6c3ed38bd5703b4633643ef52685
parent: ecc0bbf84566b70b8cee3ee4cbda57c10e635196
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sun Aug 11 04:34:34 EDT 2013
vt: fix off by one memory corruption account for the final 0 byte in host_buf.
--- a/sys/src/cmd/vt/main.c
+++ b/sys/src/cmd/vt/main.c
@@ -183,7 +183,7 @@
break;
}ARGEND;
- host_buf = malloc(host_bsize);
+ host_buf = mallocz(host_bsize, 1);
hostp = host_buf;
hostlength = 0;
@@ -808,8 +808,8 @@
set_host(Event *e)
{hostlength = e->n;
- if(hostlength > host_bsize) {- host_bsize *= 2;
+ if(hostlength >= host_bsize) {+ host_bsize = BSIZE*((hostlength + BSIZE)/BSIZE);
host_buf = realloc(host_buf,host_bsize);
}
hostp = host_buf;
--
⑨