27 lines
928 B
Diff
The memcpy below tried to copy too much data (it's the capacity of the section * 2,
max is doubled a few lines above). Let's copy only the used data.

Unrelated observation:
I wonder what the ensureClSpace() function does at all. How can this check
ever be true:

else if (sct->used >= max) {

'max' is basically sct->max, does that mean that sct->used already contains the new
size of the section?

diff -up sblim-sfcb-1.3.16/objectImpl.c.invalid-read2 sblim-sfcb-1.3.16/objectImpl.c
--- sblim-sfcb-1.3.16/objectImpl.c.invalid-read2 2013-04-19 14:42:52.000000000 +0200
+++ sblim-sfcb-1.3.16/objectImpl.c 2013-04-19 14:43:23.039536156 +0200
@@ -168,7 +168,7 @@ static void *ensureClSpace(ClObjectHdr *
void *f,*t;
f=((char*)hdr)+sct->sectionOffset;
t=malloc(max*size);
- memcpy(t,f,max*size);
+ memcpy(t,f,sct->used*size);
sct->max=max;
setSectionPtr(sct, t);
}
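
Review bot: the new length sct->used*size in the memcpy is only safe if sct->used never exceeds the new max, because t is allocated as max*size bytes, and nothing visible in this hunk establishes that bound. The description itself quotes a `sct->used >= max` check in the same function, so it is worth confirming (or asserting) that sct->used <= max holds on this path, otherwise the over-read of f becomes an overflow of t. Separately, the result of `t=malloc(max*size);` is used without a NULL check, and the tail of t beyond sct->used*size is now left uninitialized, so any caller that reads unused slots would need calloc or an explicit memset of the remainder.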