
Fix buffer overflow due to wrong calculation of pointer buffer.

Hanno Böck requested to merge hanno/graphviz:fix_overflow into master

There's a buffer overflow in the parameter handling of dijkstra.

This can be seen with address sanitizer (compile with './configure CFLAGS="-fsanitize=address" LDFLAGS="-fsanitize=address"; make' and then run dijkstra with any parameter).

The reason is these lines:

```
Files = malloc(sizeof(char *) * argc / 2 + 2);
Nodes = malloc(sizeof(char *) * argc / 2 + 2);
```

The intention here seems to be to have space for argc pointers plus 2 extra pointers. However, the brackets are missing, so it's only reserving 2 extra bytes, not space for 2 extra pointers.
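The size arithmetic the description points at, worked through as an added example (this is not code from the merge request or from graphviz; the function names, the table-filling logic and the sample argument list are constructed for illustration). It computes the byte count the original expression yields, the byte count the parenthesised expression yields, and shows that a table allocated with the original expression holds fewer than the `argc / 2 + 2` pointer slots the code goes on to use:

```c
#include <stdio.h>
#include <stdlib.h>

/* Number of pointer slots the original expression evidently meant to reserve
   (hypothetical reconstruction of the intent, not dijkstra's own code). */
static size_t intended_slots(int argc) { return (size_t)argc / 2 + 2; }

/* Bytes produced by the expression as written in the bug:
   sizeof(char *) * argc / 2 + 2  ->  the "+ 2" adds two BYTES, not two pointers. */
static size_t buggy_bytes(int argc) { return sizeof(char *) * (size_t)argc / 2 + 2; }

/* Bytes produced once the parentheses are in place:
   sizeof(char *) * (argc / 2 + 2)  ->  whole pointers for every slot. */
static size_t fixed_bytes(int argc) { return sizeof(char *) * intended_slots(argc); }

/* Whole pointer slots that actually fit in the buggy allocation. */
static size_t buggy_slots(int argc) { return buggy_bytes(argc) / sizeof(char *); }

/* Copy up to `want` argument pointers into a table of `capacity_bytes` bytes,
   refusing to write past the end. Returns how many were stored; a result
   smaller than `want` means the unchecked original would have overrun. */
static size_t fill_table(char **table, size_t capacity_bytes,
                         char **args, size_t want) {
    size_t capacity = capacity_bytes / sizeof(char *);
    size_t stored = 0;
    while (stored < want && stored < capacity) {
        table[stored] = args[stored];
        stored++;
    }
    return stored;
}

/* Allocate with one of the two formulas and try to store the intended number
   of slots (bounded by the number of arguments actually available). */
static size_t simulate(int argc, char **args, size_t nargs, int use_fixed) {
    size_t bytes = use_fixed ? fixed_bytes(argc) : buggy_bytes(argc);
    size_t want = intended_slots(argc);
    if (want > nargs)
        want = nargs;
    char **table = calloc(1, bytes);   /* zeroed, so unused slots are NULL */
    if (table == NULL)
        return 0;
    size_t stored = fill_table(table, bytes, args, want);
    free(table);
    return stored;
}

int main(void) {
    /* Constructed sample argument vector; argc = 5 is arbitrary. */
    char *sample[] = { "dijkstra", "-d", "a", "b", "c", "d" };
    size_t nargs = sizeof(sample) / sizeof(sample[0]);
    int argc = 5;

    printf("argc=%d: intended slots %zu\n", argc, intended_slots(argc));
    printf("  buggy:  %zu bytes, room for %zu pointer slots\n",
           buggy_bytes(argc), buggy_slots(argc));
    printf("  fixed:  %zu bytes, room for %zu pointer slots\n",
           fixed_bytes(argc), fixed_bytes(argc) / sizeof(char *));
    printf("  stored with buggy size: %zu, with fixed size: %zu\n",
           simulate(argc, sample, nargs, 0), simulate(argc, sample, nargs, 1));
    return 0;
}
```

On a 64-bit build the buggy expression yields 22 bytes for argc = 5, which is only two whole pointers where four were intended; the parenthesised form yields 32 bytes. The shortfall exists for every argc on both 32- and 64-bit pointers, which is why the sanitizer reports the overflow with any parameter.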
