From 5fae7020fe5406c283390c6b44394cc7be32fdd5 Mon Sep 17 00:00:00 2001 From: marcel Date: Fri, 4 Aug 2006 21:28:42 +0000 Subject: Fix (static) buffer overflow bug. The dest buffer is of size MAXPATHLEN, so dest[MAXPATHLEN] falls outside the buffer. This bug corrupted arenas[0] defined in libc's malloc.c on PowerPC when kldxref is shared, which triggered a delayed SIGSERV. --- usr.sbin/kldxref/kldxref.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'usr.sbin/kldxref') diff --git a/usr.sbin/kldxref/kldxref.c b/usr.sbin/kldxref/kldxref.c index 4fa7c6d..40e364b 100644 --- a/usr.sbin/kldxref/kldxref.c +++ b/usr.sbin/kldxref/kldxref.c @@ -260,7 +260,7 @@ maketempfile(char *dest, const char *root) int fd; strncpy(dest, root, MAXPATHLEN - 1); - dest[MAXPATHLEN] = '\0'; + dest[MAXPATHLEN-1] = '\0'; if ((p = strrchr(dest, '/')) != 0) p++; -- cgit v1.1