From 6f987c55215147d4ae18b7b4a7ddd35dda9cd01e Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Sun, 17 Mar 2019 17:27:26 -0500 Subject: Fix xstrndup() bug. Now there's a second user... the libc function already null terminates at len+1, and it doesn't malloc the full size if strlen() smaller so the redundant termination stomped unallocated memory. Oops. sort.c never noticed because it calculated length to truncate or copy existing string, so never hit this. --- lib/xwrap.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/xwrap.c b/lib/xwrap.c index d7b06c5a..c133125a 100644 --- a/lib/xwrap.c +++ b/lib/xwrap.c @@ -95,10 +95,9 @@ void *xrealloc(void *ptr, size_t size) // Die unless we can allocate a copy of this many bytes of string. char *xstrndup(char *s, size_t n) { - char *ret = strndup(s, ++n); + char *ret = strndup(s, n); if (!ret) error_exit("xstrndup"); - ret[--n] = 0; return ret; } -- cgit v1.2.3