diff --git a/avrdude/ChangeLog b/avrdude/ChangeLog
index 516ef81d..da4cba9e 100644
--- a/avrdude/ChangeLog
+++ b/avrdude/ChangeLog
@@ -1,3 +1,10 @@
+2009-04-28 Joerg Wunsch
+
+ Submitted by Carl Hamilton:
+ * update.c (parse_op): correctly \0-terminate buf after filling
+ it, before it is potentially used as the source of a call to
+ strlen or strcpy.
+
 2009-04-14 Joerg Wunsch * doc/avrdude.texi: Merge the -P 0xXXX option description from
diff --git a/avrdude/update.c b/avrdude/update.c
index 51952cdc..22c9de7d 100644
--- a/avrdude/update.c
+++ b/avrdude/update.c
@@ -51,6 +51,7 @@ UPDATE * parse_op(char * s)
 p = s;
 while ((i < (sizeof(buf)-1) && *p && (*p != ':'))) buf[i++] = *p++;
+ buf[i] = 0;
 if (*p != ':') {
 upd->memtype = (char *)malloc(strlen("flash")+1);
@@ -69,8 +70,6 @@ UPDATE * parse_op(char * s)
 return upd;
 }
- buf[i] = 0;
-
 upd->memtype = (char *)malloc(strlen(buf)+1);
 if (upd->memtype == NULL) {
 fprintf(stderr, "%s: out of memory\n", progname);
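Review bot: In the `@@ -51,6 +51,7 @@` hunk of update.c, the copy loop also stops when `i` reaches `sizeof(buf)-1`, and the following `if (*p != ':')` test cannot tell that case from an argument that simply has no colon, so an over-long argument is silently truncated and then handled as if it were complete. The added `buf[i] = 0;` makes the later strlen/strcpy on buf well-defined, but the truncated text is still accepted. After the loop, `*p` being neither NUL nor ':' can only mean the bound was hit, so a guard such as `if (*p != '\0' && *p != ':')` placed right after `buf[i] = 0;` could report the argument as too long instead of continuing. The declaration of buf and the rest of parse_op lie outside the hunk, so how the error is reported and what must be released on that path need to be checked against the full function.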