This patch fixes a potential segfault when removing an attribute with ezxml_set_attr.
Complete description can be found here: http://sourceforge.net/tracker/?func=detail&aid=1653391&group_id=122291&atid=693016 Signed-off by: Robert Hazbun [email protected]<mailto:[email protected]> ---- --- ezxml-0.8.6.orig/ezxml.c 2012-04-06 17:28:38.000000000 -0700 +++ ezxml-0.8.6/ezxml.c 2012-04-06 17:34:54.000000000 -0700 @@ -1000,10 +1000,11 @@ if (value) xml->attr[l + 1] = (char *)value; // set attribute value else { // remove attribute if (xml->attr[c + 1][l / 2] & EZXML_NAMEM) free(xml->attr[l]); - memmove(xml->attr + l, xml->attr + l + 2, (c - l + 2) * sizeof(char*)); + memmove(xml->attr + l, xml->attr + l + 2, (c - l) * sizeof(char*)); xml->attr = realloc(xml->attr, (c + 2) * sizeof(char *)); + c-=2; memmove(xml->attr[c + 1] + (l / 2), xml->attr[c + 1] + (l / 2) + 1, - (c / 2) - (l / 2)); // fix list of which name/vals are malloced + ((c + 2) / 2) - (l / 2)); // fix list of which name/vals are malloced } xml->flags &= ~EZXML_DUP; // clear strdup() flag return xml; ----
_______________________________________________ openwrt-devel mailing list [email protected] https://lists.openwrt.org/mailman/listinfo/openwrt-devel
