|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 17/32] readline: fix memory corruption when adding history
From: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
idx can be down to 0, so TERM_MAX_CMDS-idx+1 could be TERM_MAX_CMDS+1, which
exceeds the size of term_history.
Signed-off-by: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
Coverity-ID: 1055739
Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
readline.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/readline.c b/readline.c
index 8572841..4b68726 100644
--- a/readline.c
+++ b/readline.c
@@ -267,7 +267,7 @@ static void term_hist_add(const char *cmdline)
new_entry = hist_entry;
/* Put this entry at the end of history */
memmove(&term_history[idx], &term_history[idx + 1],
- (TERM_MAX_CMDS - idx + 1) * sizeof(char *));
+ (TERM_MAX_CMDS - (idx + 1)) * sizeof(char *));
term_history[TERM_MAX_CMDS - 1] = NULL;
for (; idx < TERM_MAX_CMDS; idx++) {
if (term_history[idx] == NULL)
--
1.7.10.4
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel
|
 |
Lists.xenproject.org is hosted with RackSpace, monitoring our |