
[Xen-changelog] [qemu-xen-traditional stable-4.6] readline: fix memory corruption when adding history



commit 1b10783fe24c7c5f22320032e0d4da5aab9da572
Author:     Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
AuthorDate: Fri Mar 7 09:50:41 2014 +0000
Commit:     Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
CommitDate: Fri Oct 16 16:52:06 2015 +0100

    readline: fix memory corruption when adding history
    
    idx can be down to 0, so TERM_MAX_CMDS-idx+1 could be TERM_MAX_CMDS+1, which
    exceeds the size of term_history.
    
    Signed-off-by: Kaifeng Zhu <kaifeng.zhu@xxxxxxxxxx>
    Coverity-ID: 1055739
    Reviewed-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
---
 readline.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/readline.c b/readline.c
index 8572841..4b68726 100644
--- a/readline.c
+++ b/readline.c
@@ -267,7 +267,7 @@ static void term_hist_add(const char *cmdline)
            new_entry = hist_entry;
            /* Put this entry at the end of history */
            memmove(&term_history[idx], &term_history[idx + 1],
-                   (TERM_MAX_CMDS - idx + 1) * sizeof(char *));
+                   (TERM_MAX_CMDS - (idx + 1)) * sizeof(char *));
            term_history[TERM_MAX_CMDS - 1] = NULL;
            for (; idx < TERM_MAX_CMDS; idx++) {
                if (term_history[idx] == NULL)
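
Review bot: On the memmove() line, the old length `(TERM_MAX_CMDS - idx + 1)` was two elements too long for every value of idx, not only for idx == 0, so the commit message understates the condition. Assuming term_history holds TERM_MAX_CMDS entries, as the `term_history[TERM_MAX_CMDS - 1] = NULL` line implies, the destination range starting at idx always ended at index TERM_MAX_CMDS (one slot past the array) and the source range starting at idx + 1 was read up to index TERM_MAX_CMDS + 1. The new count `TERM_MAX_CMDS - (idx + 1)` is the number of entries after idx, which is correct, and it becomes 0 when idx is the last slot. Consider adding a short comment beside the count stating that it is the number of entries following idx, and rewording the message to say the overrun occurred on every reuse of an existing history entry.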
--
generated by git-patchbot for /home/xen/git/qemu-xen-traditional.git#stable-4.6

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog


 

