projects
/
claws.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
| inline |
side by side
(parent:
3ae5095
)
Fix bug #3201 "Fix memory corruption in sc_html_read_line()"
author
Fabian Keil
<fk@fabiankeil.de>
Sun, 1 Jun 2014 11:55:20 +0000
(13:55 +0200)
committer
Ricardo Mones
<ricardo@mones.org>
Sun, 1 Jun 2014 14:01:53 +0000
(16:01 +0200)
Previously fread() could fill the whole buffer
in which case buf[n] = '\0' messed up the stack.
Introduced in
d0c64a09
+
4ab3585743
.
src/html.c
patch
|
blob
|
history
diff --git
a/src/html.c
b/src/html.c
index f7b0ac42f1293781cc407f9204dac8454f2070ca..71338af1fc27bd4d2c337e3c70336bd416220370 100644
(file)
--- a/
src/html.c
+++ b/
src/html.c
@@
-445,7
+445,7
@@
static SC_HTMLState sc_html_read_line(SC_HTMLParser *parser)
if (parser->fp == NULL)
return SC_HTML_EOF;
- n = fread(buf, 1, sizeof(buf), parser->fp);
+ n = fread(buf, 1, sizeof(buf)
- 1
, parser->fp);
if (n == 0) {
parser->state = SC_HTML_EOF;
return SC_HTML_EOF;