[Flightgear-devel] [PATCH] memory corruption in prop_picker.cxx

Frederic Bouvier Sun, 02 Mar 2003 07:37:55 -0800

Hello,

arrays of insufficient size are allocated in prop_picker.cxx ( size()
don't count the null char ) and strcpy is writing outside the allocated
array. A patch follow.


Cheers,
-Fred

D:\FlightGear\cvs\FlightGear\src\GUI>cvs diff -u prop_picker.cxx
Index: prop_picker.cxx
===================================================================
RCS file: /var/cvs/FlightGear-0.9/FlightGear/src/GUI/prop_picker.cxx,v
retrieving revision 1.2
diff -u -r1.2 prop_picker.cxx
--- prop_picker.cxx     4 Feb 2003 22:27:58 -0000       1.2
+++ prop_picker.cxx     2 Mar 2003 15:34:42 -0000
@@ -445,11 +445,11 @@
     files = new char* [ num_files+1 ] ;

     stdString line = ".";
-    files [ 0 ] = new char[line.size()];
+    files [ 0 ] = new char[line.size() + 1];
     strcpy ( files [ 0 ], line.c_str() );

     line = "..";
-    files [ 1 ] = new char[line.size()];
+    files [ 1 ] = new char[line.size() + 1];
     strcpy ( files [ 1 ], line.c_str() );

     pi = 2;



_______________________________________________
Flightgear-devel mailing list
[EMAIL PROTECTED]
http://mail.flightgear.org/mailman/listinfo/flightgear-devel

[Flightgear-devel] [PATCH] memory corruption in prop_picker.cxx

Reply via email to