vlc | branch: master | Hugo Beauzée-Luyssen <[email protected]> | Wed Jun 27 11:06:42 2018 +0200| [d087a5f90abe4250ea7f3552f5031834abb689bd] | committer: Hugo Beauzée-Luyssen
httpd: Fix potential out of bound write > http://git.videolan.org/gitweb.cgi/vlc.git/?a=commit;h=d087a5f90abe4250ea7f3552f5031834abb689bd
---
 src/network/httpd.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/network/httpd.c b/src/network/httpd.c
index 49c1471c96..65e718a197 100644
--- a/src/network/httpd.c
+++ b/src/network/httpd.c
@@ -1312,7 +1312,8 @@ static void httpd_ClientRecv(httpd_client_t *cl)
 cl->i_state = HTTPD_CLIENT_RECEIVE_DONE;
 } else for (;;) { /* we are reading a header -> char by char */
 if (cl->i_buffer == cl->i_buffer_size) {
- uint8_t *newbuf = realloc(cl->p_buffer, cl->i_buffer_size + 1024);
+ // Allocate an extra byte for the termination null byte
+ uint8_t *newbuf = realloc(cl->p_buffer, cl->i_buffer_size + 1025);
 if (!newbuf) {
 i_len = 0;
 break;
@@ -1893,7 +1894,8 @@ static void httpdLoop(httpd_host_t *host)
 cl->i_buffer = 0;
 cl->i_buffer_size = 1000;
 free(cl->p_buffer);
- cl->p_buffer = xmalloc(cl->i_buffer_size);
+ // Allocate an extra byte for the null terminating byte
+ cl->p_buffer = xmalloc(cl->i_buffer_size + 1);
 cl->i_state = HTTPD_CLIENT_RECEIVING;
 } else
 cl->i_state = HTTPD_CLIENT_DEAD;
_______________________________________________
vlc-commits mailing list [email protected] https://mailman.videolan.org/listinfo/vlc-commits
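Review bot: The one-byte slack for the terminator is written as a bare `1025` in the realloc in httpd_ClientRecv, while the httpdLoop hunk spells it `cl->i_buffer_size + 1`; writing the first as `cl->i_buffer_size + 1024 + 1` would keep the invariant "the allocation is always i_buffer_size + 1 bytes" readable at both sites. Both function bodies continue outside their hunks, so the line that advances `i_buffer_size` after a successful realloc and the write of the terminating byte are not visible here; it is worth confirming that the size still grows by exactly 1024 and that any other allocation of `p_buffer` elsewhere in the file reserves the same extra byte. A short comment at the terminating write, such as `/* p_buffer holds i_buffer_size + 1 bytes, see allocation sites */`, would tie the sites together. As shown, the header buffer also grows by 1 KiB per pass with no visible upper bound; if no cap exists outside the hunk, limiting the header size would bound the memory a single client can make the server hold.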
