William,

I hope I correctly understood the purpose of that `+ 1` there. The issue was
found using a static analyzer that complained that `fcount` could be zero,
leading to a 0 byte allocation. If this fix is incorrect then the function
must be adjusted to check for `fcount == 0` and do something sane.

Best regards
Tim Düsterhus

Apply with `git am --scissors` to automatically cut the commit message.
-- >8 --
In `crtlist_dup_filters()` add the `1` to the number of elements instead of
the size of a single element.
This bug was introduced in commit 2954c478ebab019b814b97cbaec4653af7f03f34,
which is 2.2+. No backport needed.
---
src/ssl_sock.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 3d32ced7f..82b5cba4d 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -4656,7 +4656,7 @@ static char **crtlist_dup_filters(char **args, int fcount)
char **dst;
int i;
- dst = calloc(fcount, sizeof(*dst) + 1);
+ dst = calloc(fcount + 1, sizeof(*dst));
if (!dst)
return NULL;
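
Review bot: the commit message should state what the extra element in `calloc(fcount + 1, sizeof(*dst))` is for and how many bytes the old expression came up short, because that decides whether this is a cosmetic fix or a heap overflow fix. The removed line requested `fcount * (sizeof(*dst) + 1)` bytes, which is smaller than `(fcount + 1) * sizeof(*dst)` whenever `fcount < sizeof(*dst)`, so if the rest of the function (not visible in this hunk) stores `fcount + 1` pointers, the old buffer was too small for small filter counts. Separately, `fcount` is a signed `int` and nothing in the visible lines rejects a negative value before it is converted to `size_t`; a short comment on the `calloc` line naming the extra slot, plus a check or a note that callers guarantee `fcount >= 0`, would make the intent reviewable.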
--
2.25.2