Red Hat Bugzilla – Bug 13550
control-panel writes out of bounds
Last modified: 2008-05-01 11:37:56 EDT
control-panel allocates 'buf' of stat_buf.st_size bytes and proceeds
to write at buf[stat_buf.st_size] location.
Attached patch fixes also a minor issue of a type conversion which
kicks in when sizeof(size_t) != sizeof(int).
I thought that I submitted that bug a long time ago but it is still
present in 3.13-1 and bugzilla claims that there are no bugs filed
Created attachment 918 [details]
fix to bad allocation size bug in control-panel
Thanks for the tip. Some of these fixes had already been integrated into the
CVS tree, but I made another once-over the source file.