authorEric Anholt <anholt@FreeBSD.org>2004-01-07 05:28:57 +0000
committerEric Anholt <anholt@FreeBSD.org>2004-01-07 05:28:57 +0000
commit624a58b6e6a029e1a0cabe8e163e00a4a54cb1b3 (patch)
tree945fb410115f157204938f1a2f0c6a5fe171c800 /usr.sbin
parentdba7bc6a65a30afb011390fda06100c2bda61f01 (diff)
From PR:
In fdformat.c a closing parenthesis is at the wrong place. Instead of adding sizeof _PATH_DEV + 1 to the length of argv[optind], the length of the string starting (sizeof _PATH_DEV + 1) characters after argv[optind]'s beginning (accessing junk memory if we jump over the terminating null character) is passed to malloc(). PR: bin/60026 Submitted by: Stefan Farfeleder <stefan@fafoe.narf.at>
Notes
Notes: svn path=/head/; revision=124200
Diffstat (limited to 'usr.sbin')
-rw-r--r--usr.sbin/fdformat/fdformat.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.sbin/fdformat/fdformat.c b/usr.sbin/fdformat/fdformat.c
index 0e624dec2705..dd92a86a5077 100644
--- a/usr.sbin/fdformat/fdformat.c
+++ b/usr.sbin/fdformat/fdformat.c
@@ -205,7 +205,7 @@ main(int argc, char **argv)
if (stat(argv[optind], &sb) == -1 && errno == ENOENT) {
/* try prepending _PATH_DEV */
- device = malloc(strlen(argv[optind] + sizeof _PATH_DEV + 1));
+ device = malloc(strlen(argv[optind]) + sizeof(_PATH_DEV) + 1);
if (device == 0)
errx(EX_UNAVAILABLE, "out of memory");
strcpy(device, _PATH_DEV);
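Review bot: The size passed to `malloc` and the copy that begins at `strcpy(device, _PATH_DEV)` are still worked out separately, which is what let one misplaced parenthesis produce an undersized heap buffer. Letting libc size the buffer from the same arguments it copies removes that class of mistake, for example `if (asprintf(&device, "%s%s", _PATH_DEV, argv[optind]) == -1) errx(EX_UNAVAILABLE, "out of memory");`. The rest of the copy falls after the hunk's last line, so it is presumably a `strcat` of `argv[optind]` and that should be checked against the full file. Two minor points: `sizeof(_PATH_DEV)` already counts the terminating NUL, so the `+ 1` only adds a spare byte, and `device == 0` would read more clearly as `device == NULL`.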