From: Dave Airlie <[email protected]> this code wasn't allocating enough space and was assigning the NULL one past the end.
Pointed out by coverity. Signed-off-by: Dave Airlie <[email protected]> --- hw/kdrive/src/kinput.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c index c14dd82..977131c 100644 --- a/hw/kdrive/src/kinput.c +++ b/hw/kdrive/src/kinput.c @@ -1054,7 +1054,7 @@ KdGetOptions (InputOption **options, char *string) if (strchr(string, '=')) { tam_key = (strchr(string, '=') - string); - newopt->key = (char *)malloc(tam_key); + newopt->key = (char *)malloc(tam_key + 1); strncpy(newopt->key, string, tam_key); newopt->key[tam_key] = '\0'; newopt->value = strdup(strchr(string, '=') + 1); -- 1.7.6.4 _______________________________________________ [email protected]: X.Org development Archives: http://lists.x.org/archives/xorg-devel Info: http://lists.x.org/mailman/listinfo/xorg-devel
