Date: Thu, 24 Nov 2011 18:45:23 +0000 (UTC) From: Max Khon <fjoe@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r227947 - head/usr.sbin/tzsetup Message-ID: <201111241845.pAOIjNvY008058@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: fjoe Date: Thu Nov 24 18:45:23 2011 New Revision: 227947 URL: http://svn.freebsd.org/changeset/base/227947 Log: calloc +1 DIALOG_LISTITEM to prevent possible wild pointer access in dlg_default_listitem(). Modified: head/usr.sbin/tzsetup/tzsetup.c Modified: head/usr.sbin/tzsetup/tzsetup.c ============================================================================== --- head/usr.sbin/tzsetup/tzsetup.c Thu Nov 24 18:44:14 2011 (r227946) +++ head/usr.sbin/tzsetup/tzsetup.c Thu Nov 24 18:45:23 2011 (r227947) @@ -76,14 +76,14 @@ static int xdialog_menu(const char *title, const char *cprompt, int height, int width, int menu_height, int item_no, dialogMenuItem *ditems) { - int i, result, choice; + int i, result, choice = 0; DIALOG_LISTITEM *listitems; DIALOG_VARS save_vars; dlg_save_vars(&save_vars); /* initialize list items */ - listitems = dlg_calloc(DIALOG_LISTITEM, item_no); + listitems = dlg_calloc(DIALOG_LISTITEM, item_no + 1); assert_ptr(listitems, "xdialog_menu"); for (i = 0; i < item_no; i++) { listitems[i].name = ditems[i].prompt; @@ -111,7 +111,7 @@ xdialog_menu(const char *title, const ch width = COLS; again: - dialog_vars.default_item = ditems[choice].prompt; + dialog_vars.default_item = listitems[choice].name; result = dlg_menu(title, cprompt, height, width, menu_height, item_no, listitems, &choice, NULL); switch (result) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201111241845.pAOIjNvY008058>