[syslinux:elflink] core/elflink: Fix off-by-one error
syslinux-bot for Matt Fleming
matt.fleming at intel.com
Tue Nov 27 14:15:05 PST 2012
Commit-ID: e955e5c00a852883f6972e1a9bc304413ff79627
Gitweb: http://www.syslinux.org/commit/e955e5c00a852883f6972e1a9bc304413ff79627
Author: Matt Fleming <matt.fleming at intel.com>
AuthorDate: Tue, 27 Nov 2012 20:12:58 +0000
Committer: Matt Fleming <matt.fleming at intel.com>
CommitDate: Tue, 27 Nov 2012 21:09:45 +0000
core/elflink: Fix off-by-one error
We need to remember to allocate space for the terminating NULL in
create_args_and_load() otherwise we will write a NUL-byte past the
bounds of 'argv[]' to some random part of the stack.
Signed-off-by: Matt Fleming <matt.fleming at intel.com>
---
core/elflink/load_env32.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/core/elflink/load_env32.c b/core/elflink/load_env32.c
index 49c5989..23d6baa 100644
--- a/core/elflink/load_env32.c
+++ b/core/elflink/load_env32.c
@@ -170,9 +170,10 @@ int create_args_and_load(char *cmdline)
* Generate a copy of argv on the stack as this is
* traditionally where process arguments go.
*
- * argv[0] must be the command name.
+ * argv[0] must be the command name. Remember to allocate
+ * space for the sentinel NULL.
*/
- argv = alloca(argc * sizeof(char *));
+ argv = alloca((argc + 1) * sizeof(char *));
for (i = 0, p = cmdline; i < argc; i++) {
char *start;
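Review bot: at `argv = alloca((argc + 1) * sizeof(char *));` the extra slot fixes the off-by-one, but nothing in the visible lines bounds `argc` before it reaches alloca(), which has no failure return and cannot report an oversized request. Since `argc` is also the loop bound while walking `cmdline`, consider rejecting values above a fixed limit before this line, or allocating from the heap and checking the result. The store that fills the new slot is outside this hunk, so it is worth confirming that it writes index `argc` and nothing beyond it. A smaller point: the comment could say "terminating NULL pointer" to make clear the slot holds a pointer, since the commit message describes it as a NUL-byte.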