From: Richard W.M. Jones Date: Tue, 4 Jan 2011 16:02:48 +0000 (+0000) Subject: fish: Fix off-by-one bug in tilde expansion. X-Git-Tag: 1.9.3~10 X-Git-Url: http://git.annexia.org/?a=commitdiff_plain;h=a9802509184341e731de5c9af363184a9964a8a7;p=libguestfs.git fish: Fix off-by-one bug in tilde expansion. Although this doesn't seem to cause a crash, valgrind confirms that this is a genuine off-by-one bug. It could potentially cause a crash if you did: echo 'echo ~root/foo' | guestfish --- diff --git a/fish/tilde.c b/fish/tilde.c index 83aa70d..806297c 100644 --- a/fish/tilde.c +++ b/fish/tilde.c @@ -58,7 +58,7 @@ try_tilde_expansion (char *str) home = find_home_for_username (&str[1], len); if (home) { - len = strlen (home) + strlen (rest); + len = strlen (home) + strlen (rest) + 1; str = malloc (len); if (str == NULL) { perror ("malloc");