lynx-dev [PATCH 2.8.5-dev14] buffer overrun in paste-URL

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

lynx-dev [PATCH 2.8.5-dev14] buffer overrun in paste-URL

From:	Ilya Zakharevich
Subject:	lynx-dev [PATCH 2.8.5-dev14] buffer overrun in paste-URL
Date:	Wed, 19 Feb 2003 12:59:14 -0800
User-agent:	Mutt/1.4i

Some functions assume a certain buffer-length of the argument strings
without documenting the requirement...

I found this only due to segfaults...

Hope this helps,
Ilya

--- ./src/LYMainLoop.c-pre1     Tue Feb 18 18:47:08 2003
+++ ./src/LYMainLoop.c  Wed Feb 19 02:21:22 2003
@@ -6984,7 +6984,10 @@ new_cmd:  /*
                    HTInfoMsg("No URL in the clipboard.");
                    break;
                }
-               buf = (char*)malloc(e - s + 1);
+               len = e - s + 1;
+               if (len < MAX_LINE)
+                   len = MAX_LINE;     /* Required for do_check_goto_URL() */
+               buf = (char*)malloc(len);
                strncpy(buf, s, e - s);
                buf[e - s] = '\0';
                t = buf;

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev [PATCH 2.8.5-dev14] buffer overrun in paste-URL, Ilya Zakharevich <=

Prev by Date: lynx-dev Re: Lynx problems
Next by Date: Re: lynx-dev [PATCH 2.8.5-dev14] Enable styles back
Previous by thread: lynx-dev "Alert!: Unable to access document." on local files
Next by thread: lynx-dev wishitem: keybinding to reset the current form
Index(es):
- Date
- Thread