diff options
author | pgen <p.gen.progs@gmail.com> | 2022-05-24 23:19:55 +0200 |
---|---|---|
committer | pgen <p.gen.progs@gmail.com> | 2022-05-24 23:19:55 +0200 |
commit | 692bca0617d5451178dc594ea52e7bfb611ba8e1 (patch) | |
tree | 523ad26847cffc3509de0109e74e2fa7d3a90156 /smenu.c | |
parent | fd6694a3fba6fa87ed44819998ca1912431d5b32 (diff) |
Fix a potential memory corruption in some cases
When processing words containing UTF-8 sequences in tab mode an
insufficient amount of memory may be allocated for the display of these
words, resulting in potential memory corruption.
Diffstat (limited to 'smenu.c')
-rw-r--r-- | smenu.c | 5 |
1 files changed, 4 insertions, 1 deletions
@@ -9214,8 +9214,11 @@ main(int argc, char * argv[]) word_a[count].str = NULL; /* We can now allocate the space for our tmp_word work variable. */ + /* augmented by the number of tabulation columns. This is not */ + /* optimal but the loss is tiny and we have the guarantee that */ + /* enough place will be allocated. */ /* """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""" */ - tmp_word = xcalloc(word_real_max_size + 1, 1); + tmp_word = xcalloc(word_real_max_size + tab_max_size + 1, 1); search_data.utf8_off_a = xmalloc(word_real_max_size * sizeof(long)); search_data.utf8_len_a = xmalloc(word_real_max_size * sizeof(long)); |