Code

An off-by-one bug found by valgrind
authorPavel Roskin <proski@gnu.org>
Wed, 21 Dec 2005 20:35:48 +0000 (15:35 -0500)
committerJunio C Hamano <junkio@cox.net>
Wed, 21 Dec 2005 21:00:31 +0000 (13:00 -0800)
Insufficient memory is allocated in index-pack.c to hold the *.idx name.
One more byte should be allocated to hold the terminating 0.

Signed-off-by: Pavel Roskin <proski@gnu.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
index-pack.c

index 785fe71a6fb5e518f92d62bace43cdd13f3c37ae..d4ce3af5878e6e8d855783002f9d4e3f44af8d05 100644 (file)
@@ -440,7 +440,7 @@ int main(int argc, char **argv)
                if (len < 5 || strcmp(pack_name + len - 5, ".pack"))
                        die("packfile name '%s' does not end with '.pack'",
                            pack_name);
-               index_name_buf = xmalloc(len - 1);
+               index_name_buf = xmalloc(len);
                memcpy(index_name_buf, pack_name, len - 5);
                strcpy(index_name_buf + len - 5, ".idx");
                index_name = index_name_buf;