On Saturday 01 May 2010, TwoThe wrote:
> Type: Bug
> Severity: medium
> Component: VirtualBox OSE
> Host: Ubuntu 64
>
> In file src/libs/xpcom18a4/xpcom/typelib/xpidl/xpidl_typelib.c:
>
>    #417       annotation_len = strlen(annotation_format) + strlen(state->basename) +
>    418            strlen(timestr);
>    419        for (i = 0; i < HEADER(state)->num_interfaces; i++) {
>    [...]
>    425        }
>    426
>    !427       annotate_val = (char *) malloc(annotation_len);
>
> In line 417 the size of annotation_len is calculated and later (line 427)
> used to allocate memory for a string, but there is not enough memory
> reserved for the terminating 0 character. In line 418 there should be a "+
> 1" added to the calculation.

Confirmed. Thanks for this report!

Kind regards,

Frank
-- 
Dr.-Ing. Frank Mehnert

Registered office:
Sun Microsystems GmbH, Sonnenallee 1, 85551 Kirchheim-Heimstetten
Munich District Court: HRB 161028
Managing Director: Jürgen Kunz
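
The sizing error discussed in this thread, as an added example that is not part of the original messages and is not VirtualBox code: a buffer sized from a sum of strlen() results is one byte short of what the joined string needs, and the corrected size adds that byte and bounds the write. The function names, the plain three-part concatenation and the sample strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size as in the report: a sum of strlen() results, no room for the NUL. */
static size_t len_reported(const char *pre, const char *base, const char *ts)
{
    return strlen(pre) + strlen(base) + strlen(ts);
}

/* Corrected size: the same sum plus one byte for the terminating NUL. */
static size_t len_fixed(const char *pre, const char *base, const char *ts)
{
    return len_reported(pre, base, ts) + 1;
}

/* Bytes actually required to store the joined string, NUL included. */
static size_t bytes_needed(const char *pre, const char *base, const char *ts)
{
    int n = snprintf(NULL, 0, "%s%s%s", pre, base, ts);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Allocate with the corrected size and write with a bounded call, so a
 * sizing mistake shows up as a failure, not as a heap overflow.
 * Returns a malloc'd string the caller frees, or NULL on failure. */
static char *build_annotation(const char *pre, const char *base, const char *ts)
{
    size_t len = len_fixed(pre, base, ts);
    char *buf = malloc(len);
    if (buf == NULL)
        return NULL;
    int n = snprintf(buf, len, "%s%s%s", pre, base, ts);
    if (n < 0 || (size_t)n >= len) {    /* error or truncation */
        free(buf);
        return NULL;
    }
    return buf;
}

int main(void)
{
    /* Constructed sample values. */
    const char *pre = "Created from ", *base = "sample", *ts = " Sat May  1 2010";
    char *s = build_annotation(pre, base, ts);
    printf("reported=%zu needed=%zu -> \"%s\"\n",
           len_reported(pre, base, ts), bytes_needed(pre, base, ts), s ? s : "");
    free(s);
    return 0;
}
```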
