ref: bf10f672ecc473547b44f98c5fda0754adf4b1b6
parent: 09d465a9761be085b697b4ec342f5022469eb29a
author: cinap_lenrek <cinap_lenrek@gmx.de>
date: Sun Aug 11 04:34:34 EDT 2013
vt: fix off by one memory corruption account for the final 0 byte in host_buf.
--- a/sys/src/cmd/vt/main.c
+++ b/sys/src/cmd/vt/main.c
@@ -183,7 +183,7 @@
break;
}ARGEND;
- host_buf = malloc(host_bsize);
+ host_buf = mallocz(host_bsize, 1);
hostp = host_buf;
hostlength = 0;
@@ -808,8 +808,8 @@
set_host(Event *e)
{hostlength = e->n;
- if(hostlength > host_bsize) {- host_bsize *= 2;
+ if(hostlength >= host_bsize) {+ host_bsize = BSIZE*((hostlength + BSIZE)/BSIZE);
host_buf = realloc(host_buf,host_bsize);
}
hostp = host_buf;
--
⑨