[systemd-devel] [PATCH] sd-rtnl: fix off-by-one

[Dave Reisner]

On Sun, Mar 30, 2014 at 05:34:54PM -0700, Steven Siloti wrote:
> ---
>  src/libsystemd/sd-rtnl/rtnl-message.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/libsystemd/sd-rtnl/rtnl-message.c b/src/libsystemd/sd-rtnl/rtnl-message.c
> index 5265184..a31f6ba 100644
> --- a/src/libsystemd/sd-rtnl/rtnl-message.c
> +++ b/src/libsystemd/sd-rtnl/rtnl-message.c
> @@ -911,11 +911,11 @@ int rtnl_message_parse(sd_rtnl_message *m,
>          unsigned short type;
>          size_t *tb;
>  
> -        tb = (size_t *) new0(size_t *, max);
> +        tb = (size_t *) new0(size_t *, max + 1);

Not your code, but this should be size_t, not size_t*. The need for the
cast should have been an indicator for whomever added this that it
wasn't right.

>          if(!tb)
>                  return -ENOMEM;
>  
> -        *rta_tb_size = max;
> +        *rta_tb_size = max + 1;
>  
>          for (; RTA_OK(rta, rt_len); rta = RTA_NEXT(rta, rt_len)) {
>                  type = rta->rta_type;
> -- 
> 1.9.1
> 
> _______________________________________________
> systemd-devel mailing list
> systemd-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/systemd-devel