[git commit master 1/1] config parser: fix memory corruption

Timo Teräs timo.teras at iki.fi
Fri Aug 6 14:10:28 UTC 2010


commit: http://git.uclibc.org/uClibc/commit/?id=ace0878b0b708e1b04e9e7a62f26c1dc3b9295b5
branch: http://git.uclibc.org/uClibc/commit/?id=refs/heads/master

fgets will happily write over allocated area limits. Adjusted the
buffer size according to how much is already read.

Also increase the maximum default line length, as 80 is slightly
small. It might be better if bb_get_chunk_with_continuation would
reallocate the line buffer if it was not user given.

Signed-off-by: Timo Teräs <timo.teras at iki.fi>
Signed-off-by: Bernhard Reutner-Fischer <rep.dot.nop at gmail.com>
---
 libc/misc/internals/parse_config.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/libc/misc/internals/parse_config.c b/libc/misc/internals/parse_config.c
index cbb6ef7..9ddf3ee 100644
--- a/libc/misc/internals/parse_config.c
+++ b/libc/misc/internals/parse_config.c
@@ -60,7 +60,7 @@ static off_t bb_get_chunk_with_continuation(parser_t* parsr)
 	char *chp;
 
 	while (1) {
-		if (fgets(parsr->line + pos, parsr->line_len, parsr->fp) == NULL) {
+		if (fgets(parsr->line + pos, parsr->line_len - pos, parsr->fp) == NULL) {
 			memset(parsr->line, 0, parsr->line_len);
 			pos = -1;
 			break;
@@ -179,7 +179,7 @@ int attribute_hidden FAST_FUNC config_read(parser_t *parser, char ***tokens,
 again:
 	if (parser->data == NULL) {
 		if (parser->line_len == 0)
-			parser->line_len = 81;
+			parser->line_len = PAGE_SIZE;
 		if (parser->data_len == 0)
 			parser->data_len += 1 + ntokens * sizeof(char *);
 		parser->data = realloc(parser->data,
-- 
1.7.1



More information about the uClibc-cvs mailing list