Bug#400874: I hope this is the right fix...
On Thu, Nov 30, 2006 at 08:49:26AM +0100, Jens Seidel wrote:
> If the buffer needs to be longer by one than Bins you probably also need
> +if (Bins.length() >= sizeof(Buffer))
Good catch, thanks!
Updated patch attached.
I wonder what the second part of this is good for:
   if (Bins.empty() == true || Bins.length() >= 102400)
      return 0;
Oh, well.... that's a high enough number that it probably won't be(come)
a real world problem and if we're getting that nitpicky at fixing
surrounding issues we should probably start by checking if the BigBuf
memory allocation failed first. :)
--
Regards,
Andreas Henriksson
diff -uri apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc
--- apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc 2006-03-02 14:44:28.000000000 +0100
+++ apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc 2006-11-30 10:35:18.000000000 +0100
@@ -38,9 +38,9 @@
// is large, to avoid a performance penalty
char *BigBuf = NULL;
char *Buf;
- if (Bins.length() > sizeof(Buffer))
+ if (Bins.length() >= sizeof(Buffer))
{
- BigBuf = new char[Bins.length()];
+ BigBuf = new char[Bins.length()+1];
Buf = BigBuf;
}
else
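Review bot: the two changed lines, `if (Bins.length() >= sizeof(Buffer))` and `new char[Bins.length()+1]`, depend on each other but nothing in the hunk records why. The only comment above them is about performance. Both reserve one extra byte beyond Bins.length(), presumably for a terminating NUL, so a short comment such as "// +1 for the trailing NUL" on the allocation, plus a matching note on the comparison, would keep a later edit from reverting one line without the other. It is also worth confirming that the copy into Buf, which is outside this hunk, writes at most Bins.length()+1 bytes on both branches. As for the allocation-failure check raised in the mail, a plain `new char[...]` reports failure by throwing std::bad_alloc rather than returning NULL, so a NULL test on BigBuf after this line would never fire.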