mirrors/snac2
3
0
Fork 0
mirror of https://codeberg.org/grunfink/snac2.git synced 2024-11-10 03:50:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

Fix heap overflow from curl-originating buffers

Browse Source 
Most of xs.h seems to expect that buffers are rounded up to block size,
so we should preserve that invariant here. (In particular, xs_expand
will avoid calling xs_realloc if the new size fits in the same block,
which means that if we don't pad out the data it will expand out of the
memory we're allocated.)
This commit is contained in:
Saagar Jha 2023-04-10 01:34:48 -07:00
parent 632bbe475c
commit ea9c030249
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
xs_curl.h
View File

@ -55,7 +55,7 @@ static int _data_callback(void *buffer, size_t size,
/* open space */ /* open space */
pd->size += sz; pd->size += sz;
pd->data = xs_realloc(pd->data, pd->size + 1); pd->data = xs_realloc(pd->data, _xs_blk_size(pd->size + 1));
/* copy data */ /* copy data */
memcpy(pd->data + pd->offset, buffer, sz); memcpy(pd->data + pd->offset, buffer, sz);