Skip to content

Commit

Permalink
userbits 'address out of bounce' fix
Browse files Browse the repository at this point in the history 
We pass (1, 0) to calloc().
The ACLBYTE macro will return &NULL[(0 + 1) >> 3] equals 0.

On some systems (including OpenBSD) this will return
a zero sized object: a unique pointer that points to
unaccessable memory. This is permitted by the standards.
  • Loading branch information
@alexander-naumov
alexander-naumov committed Jun 7, 2024
1 parent 2b7eebc commit b22cf83
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/acls.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ static int GrowBitfield(AclBits * bfp, int len, int delta, int defaultbit)
{
AclBits n, o = *bfp;

if (!(n = (AclBits) calloc(1, (unsigned long)(&ACLBYTE((char *)NULL, len + delta + 1)))))
if (!(n = (AclBits) calloc(1, (unsigned long)(&ACLBYTE((char *)NULL, len + delta) + 1))))
return -1;
for (int i = 0; i < (len + delta); i++) {
if (((i < len) && (ACLBIT(i) & ACLBYTE(o, i))) || ((i >= len) && (defaultbit)))
Expand Down

0 comments on commit b22cf83

Please sign in to comment.