
Bug#400874: I hope this is the right fix...



On Thu, Nov 30, 2006 at 08:49:26AM +0100, Jens Seidel wrote:
> If the buffer needs to be longer by one than Bins you probably also need
> +if (Bins.length() >= sizeof(Buffer))

Good catch, thanks!

Updated patch attached.


I wonder what the second part of this is good for:
		 
	if (Bins.empty() == true || Bins.length() >= 102400)
		return 0;

Oh, well.... that's a high enough number that it probably won't be(come)
a real world problem and if we're getting that nitpicky at fixing
surrounding issues we should probably start by checking if the BigBuf 
memory allocation failed first. :)

-- 
Regards,
Andreas Henriksson
diff -uri apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc
--- apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc	2006-03-02 14:44:28.000000000 +0100
+++ apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc	2006-11-30 10:35:18.000000000 +0100
@@ -38,9 +38,9 @@
    // is large, to avoid a performance penalty
    char *BigBuf = NULL;
    char *Buf;
-   if (Bins.length() > sizeof(Buffer))
+   if (Bins.length() >= sizeof(Buffer))
    {
-      BigBuf = new char[Bins.length()];
+      BigBuf = new char[Bins.length()+1];
       Buf = BigBuf;
    }
    else
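
Review bot: the changed test "if (Bins.length() >= sizeof(Buffer))" and the allocation "new char[Bins.length()+1]" both depend on Buf needing one byte more than Bins.length(), but nothing in the hunk records that. Add a one-line comment above the if stating the required size, so the comparison and the allocation are kept in step if either is edited later. The code that fills Buf and the else branch lie outside this hunk, so check that the write there is bounded by Bins.length()+1 bytes on both paths. Note also that a plain new char[...] signals failure by throwing rather than by returning NULL, so a NULL test on BigBuf after this line would never fire unless the allocation is switched to a nothrow form.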