Package: unhtml
Version: 2.3.9
Tags: patch
Too few bytes are allocated;
check is for if (i>tag_size-1) but on EOF a NULL is also written.
I also took the opportunity to remove an unnecessary and probably not
useful re-allocation.
--- unhtml-2.3.9/unhtml.c 2009-06-26 16:20:07.000000000 -0700
+++ /tmp/unhtml-2.3.9/unhtml.c 2009-06-26 16:20:52.000000000 -0700
@@ -130,30 +130,16 @@
m_putchar(tag[j]);
}
- if (tag_size > MAX_TAG_SIZE) {
- free(tag);
- tag_size = MAX_TAG_SIZE;
- tag = (char *)malloc(tag_size);
- if (!tag) {
- fprintf (stderr, "Cannot malloc tag space (%d bytes).\n",
tag_size);
- return 1;
- }
- }
-
break;
}
- if (i > (tag_size - 1)) {
- while (tag_size < i)
- tag_size *= 2;
- tmp = (char *)malloc(tag_size);
+ if (i >= tag_size-1) {
+ tag_size <<= 1;
+ tmp = realloc(tag, tag_size);
if (!tmp) {
fprintf (stderr, "Cannot malloc tag space (%d bytes).\n", tag_size);
return 1;
}
- memset(tmp, 0, tag_size);
- memcpy(tmp, tag, i);
- free(tag);
tag = tmp;
}
@@ -225,17 +211,13 @@
tag[i] = ch;
i++;
- if (i > (tag_size - 1)) {
- while (tag_size < i)
- tag_size *= 2;
- tmp = (char *)malloc(tag_size);
+ if (i >= tag_size-1) {
+ tag_size <<= 1;
+ tmp=realloc(tag, tag_size);
if (!tmp) {
fprintf (stderr, "Cannot malloc tag space (%d bytes).\n",
tag_size);
return 1;
}
- memset(tmp, 0, tag_size);
- memcpy(tmp, tag, i);
- free(tag);
tag = tmp;
}
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
