[Reproducible-commits] [dpkg] 07/24: dpkg: Fix off-by-one array allocation

[Niko Tyni]

This is an automated email from the git hooks/post-receive script.

ntyni pushed a commit to branch ntyni/reproducible_builds
in repository dpkg.

commit 776bbabb4533d9d48c6356744839e10338ace2b8
Author: Guillem Jover <guillem at debian.org>
Date:   Tue May 3 19:15:01 2016 +0200

    dpkg: Fix off-by-one array allocation
    
    We need two entries more than the current nfiles, one for the next one
    and one for the final NULL.
---
 debian/changelog | 2 ++
 src/archives.c   | 2 +-
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index 99e9a40..dc5e97a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -5,6 +5,8 @@ dpkg (1.18.6) UNRELEASED; urgency=medium
     files in the filesystem as «pathname».dpkg-new after configuration
     and without traces of the files in the dpkg database. Closes: #823288
   * Use m_strdup() instead of strdup() in dpkg recursive installation code.
+  * Fix off-by-one array allocation in dpkg recursive installation code that
+    can cause segfaults.
   * Packaging:
     - Bump Standards-Version to 3.9.8 (no changes needed).
 
diff --git a/src/archives.c b/src/archives.c
index 44753bd..fa64d0c 100644
--- a/src/archives.c
+++ b/src/archives.c
@@ -1482,7 +1482,7 @@ archivefiles(const char *const *argv)
         if (strcmp(nodename + strlen(nodename) - 4, ".deb") != 0)
           continue;
 
-        arglist = m_realloc(arglist, sizeof(char *) * (nfiles + 1));
+        arglist = m_realloc(arglist, sizeof(char *) * (nfiles + 2));
         arglist[nfiles++] = m_strdup(nodename);
       }
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/reproducible/dpkg.git