On Thu, Nov 30, 2006 at 08:49:26AM +0100, Jens Seidel wrote:
> If the buffer needs to be longer by one than Bins you probably also need
> +if (Bins.length() >= sizeof(Buffer))

Good catch, thanks! Updated patch attached.

I wonder what the second part of this is good for:

   if (Bins.empty() == true || Bins.length() >= 102400)
      return 0;

Oh, well.... that's a high enough number that it probably won't be(come)
a real world problem and if we're getting that nitpicky at fixing
surrounding issues we should probably start by checking if the BigBuf
memory allocation failed first. :)

-- 
Regards,
Andreas Henriksson

diff -uri apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc --- apt-0.6.46.3/apt-pkg/deb/debsrcrecords.cc 2006-03-02 14:44:28.000000000 +0100 +++ apt-0.6.46.3-fixed/apt-pkg/deb/debsrcrecords.cc 2006-11-30 10:35:18.000000000 +0100 @@ -38,9 +38,9 @@ // is large, to avoid a performance penalty char *BigBuf = NULL; char *Buf; - if (Bins.length() > sizeof(Buffer)) + if (Bins.length() >= sizeof(Buffer)) { - BigBuf = new char[Bins.length()]; + BigBuf = new char[Bins.length()+1]; Buf = BigBuf; } else
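
Review bot: the `+1` in `BigBuf = new char[Bins.length()+1];` is unexplained, and the copy into `Buf` is outside this hunk, so the lines shown do not establish that the write stays within `Bins.length()+1` bytes. A short comment on that line saying the extra byte holds the terminating NUL would tie the allocation size to the `>=` test above it, which now sends a string of exactly `sizeof(Buffer)` characters to the heap path instead of the fixed buffer. Plain `new char[]` reports failure by throwing `std::bad_alloc` rather than returning NULL (unless the build disables exceptions), so a NULL test on `BigBuf` after this line would not detect a failed allocation; if that case is to be handled, use `new (std::nothrow)` or catch the exception.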