-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi!
Am 06.02.2005 um 04:21 schrieb primorec:
(gdb) list 842 filename = dirname(filename); 843 if (screen.path) 844 free(screen.path); 845 screen.path = (char *)malloc(strlen(filename) + 1); 846 strcpy(screen.path, filename); 847 screen.path = strncat(screen.path, "/", 1);
This is it (in fact it is a classical one)!
strlen(filename) gives the length of filename EXCLUDING the trailing \0. A buffer of size strlen(filename)+1 does have just enough space to include the trailing \0. When appending "/", you write past the end of that buffer. You have to change the +1 to a +2.
73, Mario
- -- Mario Klebsch [EMAIL PROTECTED]
PGP-Key available at http://www.klebsch.de/public.key
Fingerprint DSS: EE7C DBCC D9C8 5DC1 D4DB 1483 30CE 9FB2 A047 9CE0
Diffie-Hellman: D447 4ED6 8A10 2C65 C5E5 8B98 9464 53FF 9382 F518
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)
iD8DBQFCBfrdMM6fsqBHnOARAuBOAJ9f4Wi2KQApb2gVNOmQo5k8h3R+TgCgtPrd K+xEIl55QGKlkjLBMh88fNw= =rzlz -----END PGP SIGNATURE-----
