tigervnc/SOURCES/tigervnc-passwd-crash-with-malloc-checks.patch

42 lines
1.3 KiB
Diff
Raw Normal View History

2020-12-08 10:13:19 +00:00
diff --git a/common/rfb/Password.cxx b/common/rfb/Password.cxx
index e4a508c..f555c57 100644
--- a/common/rfb/Password.cxx
+++ b/common/rfb/Password.cxx
@@ -55,7 +55,7 @@ PlainPasswd::~PlainPasswd() {
void PlainPasswd::replaceBuf(char* b) {
if (buf)
- memset(buf, 0, strlen(buf));
+ memset(buf, 0, length ? length : strlen(buf));
CharArray::replaceBuf(b);
}
diff --git a/common/rfb/util.h b/common/rfb/util.h
index 3100f90..764692a 100644
--- a/common/rfb/util.h
+++ b/common/rfb/util.h
@@ -51,16 +51,21 @@ namespace rfb {
CharArray() : buf(0) {}
CharArray(char* str) : buf(str) {} // note: assumes ownership
CharArray(size_t len) {
+ length = len;
buf = new char[len]();
}
~CharArray() {
- delete [] buf;
+ if (buf) {
+ delete [] buf;
+ buf = nullptr;
+ }
}
void format(const char *fmt, ...) __printf_attr(2, 3);
// Get the buffer pointer & clear it (i.e. caller takes ownership)
char* takeBuf() {char* tmp = buf; buf = 0; return tmp;}
- void replaceBuf(char* b) {delete [] buf; buf = b;}
+ void replaceBuf(char* b) {if (buf) delete [] buf; buf = b;}
char* buf;
+ size_t length = 0;
private:
CharArray(const CharArray&);
CharArray& operator=(const CharArray&);