Fix (static) buffer overflow bug. The dest buffer is of size MAXPATHLEN,

so dest[MAXPATHLEN] falls outside the buffer. This bug corrupted arenas[0] defined in libc's malloc.c on PowerPC when kldxref is shared, which triggered a delayed SIGSERV.
author: marcel <marcel@FreeBSD.org> 2006-08-04 21:28:42 +0000
committer: marcel <marcel@FreeBSD.org> 2006-08-04 21:28:42 +0000
commit: 5fae7020fe5406c283390c6b44394cc7be32fdd5 (patch)
tree: d2a482530f2ea65313d586e29ee2a4b7aae828dc /usr.sbin
parent: bc6ab54808cf20a40cd7ba44043d40db1ec2e78e (diff)
download: FreeBSD-src-5fae7020fe5406c283390c6b44394cc7be32fdd5.zip
FreeBSD-src-5fae7020fe5406c283390c6b44394cc7be32fdd5.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/usr.sbin/kldxref/kldxref.c b/usr.sbin/kldxref/kldxref.c
index 4fa7c6d..40e364b 100644
--- a/usr.sbin/kldxref/kldxref.c
+++ b/usr.sbin/kldxref/kldxref.c
@@ -260,7 +260,7 @@ maketempfile(char *dest, const char *root)
 	int fd;
 
 	strncpy(dest, root, MAXPATHLEN - 1);
-	dest[MAXPATHLEN] = '\0';
+	dest[MAXPATHLEN-1] = '\0';
 
 	if ((p = strrchr(dest, '/')) != 0)
 		p++;
author	marcel <marcel@FreeBSD.org>	2006-08-04 21:28:42 +0000
committer	marcel <marcel@FreeBSD.org>	2006-08-04 21:28:42 +0000
commit	5fae7020fe5406c283390c6b44394cc7be32fdd5 (patch)
tree	d2a482530f2ea65313d586e29ee2a4b7aae828dc /usr.sbin
parent	bc6ab54808cf20a40cd7ba44043d40db1ec2e78e (diff)
download	FreeBSD-src-5fae7020fe5406c283390c6b44394cc7be32fdd5.zip FreeBSD-src-5fae7020fe5406c283390c6b44394cc7be32fdd5.tar.gz