From a9802509184341e731de5c9af363184a9964a8a7 Mon Sep 17 00:00:00 2001
From: "Richard W.M. Jones"
Date: Tue, 4 Jan 2011 16:02:48 +0000
Subject: [PATCH] fish: Fix off-by-one bug in tilde expansion.

Although this doesn't seem to cause a crash, valgrind confirms that this is a genuine off-by-one bug. It could potentially cause a crash if you did:
  echo 'echo ~root/foo' | guestfish
---
 fish/tilde.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fish/tilde.c b/fish/tilde.c
index 83aa70d..806297c 100644
--- a/fish/tilde.c
+++ b/fish/tilde.c
@@ -58,7 +58,7 @@ try_tilde_expansion (char *str)
 home = find_home_for_username (&str[1], len);
 if (home) {
- len = strlen (home) + strlen (rest);
+ len = strlen (home) + strlen (rest) + 1;
 str = malloc (len);
 if (str == NULL) {
 perror ("malloc");
-- 
1.8.3.1
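Review bot: The corrected size in `len = strlen (home) + strlen (rest) + 1;` has no comment saying the extra byte is for the terminating NUL, and it reuses `len`, which the line above passes to find_home_for_username as the username length. A dedicated variable with the reason stated, e.g. `size_t alloc_len = strlen (home) + strlen (rest) + 1; /* +1 for trailing NUL */` followed by `str = malloc (alloc_len);`, would make this heap off-by-one harder to reintroduce. The declaration of `len` and the code that fills `str` are outside the hunk; if `len` turns out to be a signed int, the sum is narrowed before it reaches malloc, and if the fill is a strcpy/strcat pair, a bounded `snprintf (str, alloc_len, "%s%s", home, rest);` would keep the write tied to the allocated size.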