projects / browser-switch / commitdiff
(from parent 1: 04085eb)
Fix off-by-one error in launch_other_browser
author Steven Luo <steven+maemo@steven676.net> Sun, 13 Dec 2009 08:45:12 +0000 (00:45 -0800)
committer Steven Luo <steven+maemo@steven676.net> Sun, 13 Dec 2009 08:45:12 +0000 (00:45 -0800)
quote+1 has length one less than quote, so asking memmove() to move
strlen(quote)+1 bytes (including the \0) starting at quote+1 results in
writing one byte beyond the end of the memory area. Found by valgrind.
launcher.c
diff --git
a/launcher.c
b/launcher.c
index
d9fa584
..
24dff0a
100644
(file)
--- a/
launcher.c
+++ b/
launcher.c
@@
-154,7
+154,7
@@
static void launch_other_browser(struct swb_context *ctx, char *uri) {
/* Move the string after the ', including the \0,
over two chars */
- memmove(quote+3, quote+1, strlen(quote)+1);
+ memmove(quote+3, quote+1, strlen(quote));
memcpy(quote, "%27", 3);
quote = quote + 3;
}
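Review bot: the new length on the memmove line is correct, but next to the unchanged comment ("including the \0") it reads as if the terminator were no longer being moved; writing the count as strlen(quote+1)+1 would make the arithmetic match the comment and make the source pointer and the length visibly agree. Separately, the destination quote+3 still ends two bytes past the current terminator, and the allocation that provides that room is not visible in this hunk, so it is worth confirming that the buffer is grown by two bytes for every quote replaced before this loop runs.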