An off-by-one bug found by valgrind

Insufficient memory is allocated in index-pack.c to hold the *.idx name.
One more byte should be allocated to hold the terminating 0.

Signed-off-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>

diff --git a/index-pack.c b/index-pack.c
index 785fe71a6fb5e518f92d62bace43cdd13f3c37ae..d4ce3af5878e6e8d855783002f9d4e3f44af8d05 100644 (file)
--- a/index-pack.c
+++ b/index-pack.c
@@ -440,7 +440,7 @@ int main(int argc, char **argv)
                if (len < 5 || strcmp(pack_name + len - 5, ".pack"))
                        die("packfile name '%s' does not end with '.pack'",
                            pack_name);
-               index_name_buf = xmalloc(len - 1);
+               index_name_buf = xmalloc(len);
                memcpy(index_name_buf, pack_name, len - 5);
                strcpy(index_name_buf + len - 5, ".idx");
                index_name = index_name_buf;