From: Erik van der Kouwe Date: Mon, 23 Aug 2010 16:32:05 +0000 (+0000) Subject: Fix buffer overflow in libarchive if a UTF-8 encoded string has codepoints that requi... X-Git-Tag: v3.1.8~55 X-Git-Url: http://zhaoyanbai.com/repos/cppcheck.log?a=commitdiff_plain;h=a2647a41814468a88e506b46582acb10f30fb868;p=minix.git Fix buffer overflow in libarchive if a UTF-8 encoded string has codepoints that require two UTF-16 words --- diff --git a/lib/libarchive/archive_string.c b/lib/libarchive/archive_string.c index 4e57d62e1..ce97e4d91 100644 --- a/lib/libarchive/archive_string.c +++ b/lib/libarchive/archive_string.c @@ -291,8 +291,13 @@ __archive_string_utf8_w(struct archive_string *as) int wc, wc2;/* Must be large enough for a 21-bit Unicode code point. */ const char *src; int n; + size_t size; - ws = (wchar_t *)malloc((as->length + 1) * sizeof(wchar_t)); + /* be pessimistic; UCS4 always takes up four bytes per char while + * UTF-16 may takes four bytes per char (except the 0 terminator) + */ + size = as->length * 4 + sizeof(wchar_t); + ws = (wchar_t *)malloc(size); if (ws == NULL) __archive_errx(1, "Out of memory"); dest = ws;