Fix heap overflow from curl-originating buffers

Most of xs.h seems to expect that buffers are rounded up to block size,
so we should preserve that invariant here. (In particular, xs_expand
will avoid calling xs_realloc if the new size fits in the same block,
which means that if we don't pad out the data it will expand out of the
memory we're allocated.)
Saagar Jha 2 years ago
parent
commit
ea9c030249
1 changed files with 1 additions and 1 deletions

xs_curl.h

@@ -55,7 +55,7 @@ static int _data_callback(void *buffer, size_t size,
 
     /* open space */
     pd->size += sz;
-    pd->data = xs_realloc(pd->data, pd->size + 1);
+    pd->data = xs_realloc(pd->data, _xs_blk_size(pd->size + 1));
 
     /* copy data */
     memcpy(pd->data + pd->offset, buffer, sz);
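
Review bot: The changed `xs_realloc(pd->data, _xs_blk_size(pd->size + 1))` line has no comment explaining why the size is rounded, so a later cleanup could revert it to the exact size and reintroduce the overflow. A one-line comment above it stating that xs.h functions such as xs_expand assume block-rounded allocations (the reasoning given in the commit message) would keep the invariant visible at the call site. Separately, the result of xs_realloc is assigned straight to `pd->data` and dereferenced by the memcpy that follows, with no failure check visible in this hunk; if xs_realloc can return NULL, check it before the copy. The `pd->size += sz` and `pd->size + 1` arithmetic that now feeds the rounding is also worth guarding against size_t wraparound, since sz comes from data received over the network.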