diff options
| author | peter <peter@FreeBSD.org> | 2003-07-24 00:04:01 +0000 |
|---|---|---|
| committer | peter <peter@FreeBSD.org> | 2003-07-24 00:04:01 +0000 |
| commit | e6f6d9c519221651f0f5da97c8608eee1804520d (patch) | |
| tree | 96a07c147f58e91e6f9e60ca3341ebb8ed7526e7 /contrib/tar | |
| parent | 3c9c39005499801a81baa937dad098ba57a6a6f8 (diff) | |
| download | FreeBSD-src-e6f6d9c519221651f0f5da97c8608eee1804520d.zip FreeBSD-src-e6f6d9c519221651f0f5da97c8608eee1804520d.tar.gz | |
Fix an annoying bug in tar. When it converted 'tar zcf' to 'tar -z -c -f'
it forgot to null terminate the new argv[] array. If you mixed this
with $TAR_OPTIONS, phkmalloc and a whole bunch of other variables, you
could end up with a segfault. This isn't strictly a phkmalloc victory
since tar walks off the end of an array rather than use uninitialized
malloc memory, but phkmalloc makes it easier to provoke.
Diffstat (limited to 'contrib/tar')
| -rw-r--r-- | contrib/tar/src/tar.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/contrib/tar/src/tar.c b/contrib/tar/src/tar.c index ab8ca20..7d872fa 100644 --- a/contrib/tar/src/tar.c +++ b/contrib/tar/src/tar.c @@ -549,7 +549,7 @@ decode_options (int argc, char **argv) /* Allocate a new argument array, and copy program name in it. */ new_argc = argc - 1 + strlen (argv[1]); - new_argv = xmalloc (new_argc * sizeof (char *)); + new_argv = xmalloc ((new_argc + 1) * sizeof (char *)); in = argv; out = new_argv; *out++ = *in++; @@ -577,6 +577,9 @@ decode_options (int argc, char **argv) while (in < argv + argc) *out++ = *in++; + /* And NULL terminate the argv[] array */ + *out++ = NULL; + /* Replace the old option list by the new one. */ argc = new_argc; |
