fetch_string_setting() was subtracting one from the length of the to-be-NUL-terminated buffer in order to obtain the length of the unterminated buffer to be passed to fetch_setting(). This works extremely well unless the length of the to-be-NUL-terminated buffer is zero, at which point we end up giving fetch_setting() a buffer of length -1UL, thereby inviting it to overwrite as much memory as it wants...

tags/v0.9.4
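The wraparound described in the commit message, as an added example that is not the project's code or the patch from this commit. The names `raw_fetch`, `raw_len_unchecked`, `raw_len_checked`, `fetch_string_checked` and `write_budget`, the stored value, and the guard itself are assumptions made for illustration; the unchecked length is only computed, never used to write.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample value standing in for a stored setting (15 bytes). */
static const char stored[] = "example.invalid";

/* Hypothetical stand-in for the raw fetch: copies at most len bytes of the
 * unterminated value into data and returns the number of bytes copied. */
static size_t raw_fetch(void *data, size_t len) {
    size_t n = sizeof(stored) - 1;
    if (n > len)
        n = len;
    if (n)                      /* data may be NULL when nothing is copied */
        memcpy(data, stored, n);
    return n;
}

/* Length produced by the pattern the commit message describes:
 * size_t is unsigned, so 0 - 1 wraps to SIZE_MAX (the "-1UL"). */
static size_t raw_len_unchecked(size_t len) { return len - 1; }

/* Guarded form (assumed fix): a zero-length buffer gets a zero-length fetch. */
static size_t raw_len_checked(size_t len) { return len ? len - 1 : 0; }

/* Bytes a raw fetch is permitted to write for a given length argument. */
static size_t write_budget(size_t raw_len) {
    size_t n = sizeof(stored) - 1;
    return n < raw_len ? n : raw_len;
}

/* String fetch using the guarded length; the zero fill leaves the last
 * byte as the NUL terminator whenever len > 0. */
static size_t fetch_string_checked(char *buf, size_t len) {
    if (len)
        memset(buf, 0, len);
    return raw_fetch(buf, raw_len_checked(len));
}

int main(void) {
    char buf[8];
    size_t n = fetch_string_checked(buf, sizeof(buf));
    printf("unchecked length for len=0: %zu\n", raw_len_unchecked(0));
    printf("bytes allowed into a 0-byte buffer: %zu (unchecked), %zu (checked)\n",
           write_budget(raw_len_unchecked(0)), write_budget(raw_len_checked(0)));
    printf("checked fetch into 8 bytes: %zu bytes, \"%s\"\n", n, buf);
    return 0;
}
```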