From a55c6f410e2441300484d94d790d7f265c7991b6 Mon Sep 17 00:00:00 2001 From: DJ Delorie Date: Sun, 10 Apr 2011 19:15:10 +0000 Subject: merge from gcc --- libiberty/ChangeLog | 6 ++++++ libiberty/testsuite/test-expandargv.c | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/libiberty/ChangeLog b/libiberty/ChangeLog index f6138b6..a15ffa5 100644 --- a/libiberty/ChangeLog +++ b/libiberty/ChangeLog @@ -1,3 +1,9 @@ +2011-04-10 Jim Meyering + + Avoid memory overrun in a test leading to potential double-free. + * testsuite/test-expandargv.c (writeout_test): Fix off-by-one error: + i.e., do copy the trailing NUL byte. + 2011-03-31 Tristan Gingold * makefile.vms (OBJS): Add filename_cmp.obj diff --git a/libiberty/testsuite/test-expandargv.c b/libiberty/testsuite/test-expandargv.c index c16a032..57b96b3 100644 --- a/libiberty/testsuite/test-expandargv.c +++ b/libiberty/testsuite/test-expandargv.c @@ -204,7 +204,7 @@ writeout_test (int test, const char * test_data) if (parse == NULL) fatal_error (__LINE__, "Failed to malloc parse.", errno); - memcpy (parse, test_data, sizeof (char) * len); + memcpy (parse, test_data, sizeof (char) * (len + 1)); /* Run all possible replaces */ run_replaces (parse); -- cgit v1.1