William, I hope I correctly understood the purpose of that `+ 1` there. The issue was found using a static analyzer that complained that `fcount` could be zero, leading to a 0 byte allocation. If this fix is incorrect then the function must be adjusted to check for `fcount == 0` and do something sane.
Best regards Tim Düsterhus Apply with `git am --scissors` to automatically cut the commit message. -- >8 -- In `crtlist_dup_filters()` add the `1` to the number of elements instead of the size of a single element. This bug was introduced in commit 2954c478ebab019b814b97cbaec4653af7f03f34, which is 2.2+. No backport needed. --- src/ssl_sock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 3d32ced7f..82b5cba4d 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -4656,7 +4656,7 @@ static char **crtlist_dup_filters(char **args, int fcount) char **dst; int i; - dst = calloc(fcount, sizeof(*dst) + 1); + dst = calloc(fcount + 1, sizeof(*dst)); if (!dst) return NULL; -- 2.25.2
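Review bot: the `+ 1` in `calloc(fcount + 1, sizeof(*dst))` has no comment saying what the extra element is for, and the cover note shows that its purpose had to be inferred. If it reserves the slot for a terminating NULL entry, a one-line comment above the call should say so. The commit message could also record the effect of the old form: it requested `fcount` elements of `sizeof(*dst) + 1` bytes each, so a zero `fcount` asked for a zero-byte allocation, which is the static-analyzer finding mentioned in the cover note but not in the message itself. Since `fcount` is a signed `int` and `fcount + 1` is converted to `size_t` at the call, it is also worth confirming that callers never pass a negative value, because the hunk shows no range check before the allocation.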