From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.6) Gecko/20050328 Firefox/1.0.2 Description of problem: You allocate 8k, read 8k, and then in getline read bytes without bounding the size of data. If you actually did read 8k, then you can read over the end of the array. Version-Release number of selected component (if applicable): initscripts-7.93.5-1 and CVS HEAD How reproducible: Always Steps to Reproduce: 1. valgrind --tool=memcheck ./initlog -q -c "yes a very very very very very long even large string which will be printed very often" 2. 3. Actual Results: ==30387== Invalid read of size 1 ==30387== at 0x1B904747: memcpy (mac_replace_strmem.c:300) ==30387== by 0x804971E: getLine (initlog.c:139) ==30387== by 0x804ADB9: monitor (process.c:211) ==30387== by 0x804B2F7: runCommand (process.c:315) ==30387== Address 0x1BC7C6A8 is 0 bytes after a block of size 8192 alloc'd ==30387== at 0x1B90540D: calloc (vg_replace_malloc.c:176) ==30387== by 0x804AC52: monitor (process.c:191) ==30387== by 0x804B2F7: runCommand (process.c:315) ==30387== by 0x804A5B4: processArgs (initlog.c:426) Additional info: Patch in a few moments (stupid bugzilla)
Created attachment 112693 [details] Patch to resolve problem
You shouldn't look at that code, it's bad for you. :) Added in CVS, thanks.