18 lines
542 B
Diff
18 lines
542 B
Diff
From: Santiago Vila <sanvila@debian.org>
|
|
Subject: Fix heap-based buffer overflow in loadbuf()
|
|
Bug-Debian: http://bugs.debian.org/876511
|
|
X-Debian-version: 3.22-26
|
|
|
|
--- a/src/formisc.c
|
|
+++ b/src/formisc.c
|
|
@@ -103,7 +103,7 @@
|
|
}
|
|
/* append to buf */
|
|
void loadbuf(text,len)const char*const text;const size_t len;
|
|
-{ if(buffilled+len>buflen) /* buf can't hold the text */
|
|
+{ while(buffilled+len>buflen) /* buf can't hold the text */
|
|
buf=realloc(buf,buflen+=Bsize);
|
|
tmemmove(buf+buffilled,text,len);buffilled+=len;
|
|
}
|
|
|