- changed status to resolved
history_load(): off-by-one by incorrect use of fgetln(3)
Issue #95
resolved
Following code:

    for (i = 0; (line = fgetln(fp, &sz)) != NULL; i++) {
        char c = line[sz];
        if (sz != 0 && line[sz - 1] == '\n')
            line[--sz] = '\0';
        else
            line[sz] = '\0';
        ...
        line[sz] = c;

If the file ends with a line that lacks a newline, ptr[len] = '\0' causes an off-by-one buffer overflow. See fgetln(3)'s manual CAVEATS.
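
One way to terminate a line without touching `line[sz]`, shown as an added example that is not part of the original report or of the project's fix. The helper name `line_to_cstr` and the sample buffers are hypothetical; the helper always copies, so it works on any (pointer, length) pair such as the one fgetln(3) returns.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical helper (not the project's code): turn a (line, sz) pair, as
 * returned by fgetln(3), into a NUL-terminated string. It never reads or
 * writes line[sz], which is outside the returned region when the last line
 * of the file has no trailing newline. Caller frees the result.
 */
char *
line_to_cstr(const char *line, size_t sz)
{
    char *copy;

    /* A trailing '\n' is inside the region, so dropping it is safe. */
    if (sz != 0 && line[sz - 1] == '\n')
        sz--;

    /* sz + 1 bytes: room for the terminator the source buffer lacks. */
    if ((copy = malloc(sz + 1)) == NULL)
        return NULL;
    memcpy(copy, line, sz);
    copy[sz] = '\0';
    return copy;
}

/* Constructed sample: exactly-sized buffers with no spare byte after the
 * data, so a memory checker would flag any access to line[sz]. */
int
demo(void)
{
    const char with_nl[] = { 'l', 's', ' ', '-', 'l', '\n' };
    const char without_nl[] = { 'e', 'x', 'i', 't' };   /* no '\n' */
    char *a = line_to_cstr(with_nl, sizeof(with_nl));
    char *b = line_to_cstr(without_nl, sizeof(without_nl));
    int ok = a != NULL && b != NULL &&
        strcmp(a, "ls -l") == 0 && strcmp(b, "exit") == 0;

    free(a);
    free(b);
    return ok;
}

int main(void)
{
    puts(demo() ? "both lines terminated safely" : "failure");
    return 0;
}
```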
Comments (1)
reporter
BUGFIX: Issue #95 - history_load(): off-by-one by incorrect use of fgetln(3). → <<cset 238ec0ee0fb2>>