On 4 November 2015 at 18:38, Alan Wehmann <[email protected]> wrote:
> In "install-info_orig_seq.c" the line:
>
> 1447              strncat (*outstr, line_out, offset_out);
>
> is where the error occurred.
> After some study I decided to try making sure that "line_out" is terminated 
> by a '\0' character, so I have the code in "install-info_altered_seq.c":
>
> 1465              line_out = (char *) realloc ((void *)line_out, allocated_out+1);
> 1466              line_out[offset_out+1] = '\0';
>
> that adds a '\0' character to "line_out" and allocates space for it.
> This seemed to make the problem with “strncat” go away.

Thanks for investigating further. I don't understand why this is
necessary. From libc manual:

 -- Function: char * strncat (char *restrict TO, const char *restrict
          FROM, size_t SIZE)
     This function is like `strcat' except that not more than SIZE
     characters from FROM are appended to the end of TO.  A single null
     character is also always appended to TO, so the total allocated
     size of TO must be at least `SIZE + 1' bytes longer than its
     initial length.

There'll be a bug if the SIZE argument is too long and we go past the
end of the allocated space after FROM. Adding a null byte at the end
of FROM will stop it. This is the offset_out variable - we need to
find out why it's too big. I'm looking at this now.
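The libc text quoted above imposes two conditions on strncat (TO, FROM, SIZE): TO must hold its current length plus SIZE plus one byte for the terminator, and SIZE must not exceed the bytes that are actually readable in FROM, or strncat scans past FROM looking for a null. The following growable-buffer append, added here as an illustration and not code from install-info or this thread, makes both checks explicit; the names outbuf, outbuf_append and strncat_fits are constructed and stand in for the line_out / offset_out / allocated_out variables under discussion, and the unterminated 4-byte source in sample_ok is constructed input.

```c
/* Added example, not code from the install-info thread: a small growable
 * buffer whose append routine enforces the two preconditions of
 * strncat(TO, FROM, SIZE) described in the libc manual:
 *   1. TO has room for strlen(TO) + SIZE + 1 bytes (the trailing null);
 *   2. SIZE does not exceed the bytes readable in FROM, so an unterminated
 *      FROM cannot be over-read.
 * outbuf / outbuf_append / strncat_fits are constructed names standing in
 * for the line_out / offset_out / allocated_out variables in the thread. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct outbuf {
    char  *buf;  /* always null-terminated once allocated */
    size_t len;  /* bytes in use, excluding the terminator */
    size_t cap;  /* bytes allocated */
};

void outbuf_init(struct outbuf *o) { o->buf = NULL; o->len = 0; o->cap = 0; }
void outbuf_free(struct outbuf *o) { free(o->buf); outbuf_init(o); }

/* Condition 1: does a strncat of n bytes onto a string of length len fit in
 * cap bytes?  Requires cap >= len + n + 1, evaluated without overflow. */
int strncat_fits(size_t len, size_t n, size_t cap)
{
    if (len >= SIZE_MAX - 1 || n > SIZE_MAX - 1 - len)
        return 0;
    return cap >= len + n + 1;
}

/* Append up to n bytes of src, of which src_len bytes are readable.
 * Condition 2 is enforced by clamping n to src_len, so a src that lacks a
 * terminator (the case the thread is chasing) is never read past its end.
 * Returns 0 on success, -1 if the length would overflow or memory cannot
 * be grown. */
int outbuf_append(struct outbuf *o, const char *src, size_t src_len, size_t n)
{
    if (n > src_len)
        n = src_len;
    if (o->len >= SIZE_MAX - 1 || n > SIZE_MAX - 1 - o->len)
        return -1;                              /* total length would overflow */
    if (!strncat_fits(o->len, n, o->cap)) {
        size_t need = o->len + n + 1;           /* safe: checked above */
        size_t newcap = o->cap ? o->cap : 16;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2) { newcap = need; break; }
            newcap *= 2;
        }
        char *p = realloc(o->buf, newcap);
        if (p == NULL)
            return -1;
        if (o->buf == NULL)
            p[0] = '\0';                        /* fresh buffer: empty string */
        o->buf = p;
        o->cap = newcap;
    }
    strncat(o->buf, src, n);                    /* both preconditions now hold */
    o->len = strlen(o->buf);                    /* src may contain an early null */
    return 0;
}

/* Builds "abc" + "defg", the second part from a constructed, deliberately
 * unterminated 4-byte array, while the caller asks for far more bytes than
 * are readable (as an oversized offset_out would).  Returns 1 if the result
 * is exactly what strncat's contract promises, 0 otherwise. */
int sample_ok(void)
{
    char unterminated[4] = { 'd', 'e', 'f', 'g' };   /* constructed input */
    struct outbuf o;
    int ok;

    outbuf_init(&o);
    if (outbuf_append(&o, "abc", 3, 3) != 0)
        return 0;
    if (outbuf_append(&o, unterminated, sizeof unterminated, 100) != 0)
        return 0;
    ok = (o.len == 7) && (strcmp(o.buf, "abcdefg") == 0) && (o.cap >= o.len + 1);
    outbuf_free(&o);
    return ok;
}

int main(void)
{
    printf("sample_ok = %d\n", sample_ok());
    return sample_ok() ? 0 : 1;
}
```

The important difference from the original call site is that the SIZE passed to strncat is derived from what the source actually holds, and the destination is grown before the call rather than trusted to be large enough; the +1 in strncat_fits is the terminator byte the manual says is always written.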
