From: Richard W.M. Jones <rjones@redhat.com>
Date: Tue, 4 Jan 2011 16:02:48 +0000 (+0000)
Subject: fish: Fix off-by-one bug in tilde expansion.
X-Git-Tag: 1.9.3~10
X-Git-Url: http://git.annexia.org/?a=commitdiff_plain;h=a9802509184341e731de5c9af363184a9964a8a7;p=libguestfs.git

fish: Fix off-by-one bug in tilde expansion.

Although this doesn't seem to cause a crash, valgrind confirms
that this is a genuine off-by-one bug.  It could potentially
cause a crash if you did:

  echo 'echo ~root/foo' | guestfish
---

diff --git a/fish/tilde.c b/fish/tilde.c
index 83aa70d..806297c 100644
--- a/fish/tilde.c
+++ b/fish/tilde.c
@@ -58,7 +58,7 @@ try_tilde_expansion (char *str)
     home = find_home_for_username (&str[1], len);
 
     if (home) {
-      len = strlen (home) + strlen (rest);
+      len = strlen (home) + strlen (rest) + 1;
       str = malloc (len);
       if (str == NULL) {
         perror ("malloc");