From 1c55f532615cf1d04724f42d4a7f5c0e189d954a Mon Sep 17 00:00:00 2001 From: Joerg Wunsch Date: Tue, 28 Apr 2009 18:35:14 +0000 Subject: [PATCH] Submitted by Carl Hamilton: * update.c (parse_op): correctly \0-terminate buf after filling it, before it is potentially used as the source of a call to strlen or strcpy. git-svn-id: svn://svn.savannah.nongnu.org/avrdude/trunk@819 81a1dc3b-b13d-400b-aceb-764788c761c2 --- avrdude/ChangeLog | 7 +++++++ avrdude/update.c | 3 +-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/avrdude/ChangeLog b/avrdude/ChangeLog index 516ef81d..da4cba9e 100644 --- a/avrdude/ChangeLog +++ b/avrdude/ChangeLog @@ -1,3 +1,10 @@ +2009-04-28 Joerg Wunsch + + Submitted by Carl Hamilton: + * update.c (parse_op): correctly \0-terminate buf after filling + it, before it is potentially used as the source of a call to + strlen or strcpy. + 2009-04-14 Joerg Wunsch * doc/avrdude.texi: Merge the -P 0xXXX option description from diff --git a/avrdude/update.c b/avrdude/update.c index 51952cdc..22c9de7d 100644 --- a/avrdude/update.c +++ b/avrdude/update.c @@ -51,6 +51,7 @@ UPDATE * parse_op(char * s) p = s; while ((i < (sizeof(buf)-1) && *p && (*p != ':'))) buf[i++] = *p++; + buf[i] = 0; if (*p != ':') { upd->memtype = (char *)malloc(strlen("flash")+1); @@ -69,8 +70,6 @@ UPDATE * parse_op(char * s) return upd; } - buf[i] = 0; - upd->memtype = (char *)malloc(strlen(buf)+1); if (upd->memtype == NULL) { fprintf(stderr, "%s: out of memory\n", progname);