summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorIan Stakenvicius <axs@gentoo.org>2015-09-14 15:30:37 -0400
committerIan Stakenvicius <axs@gentoo.org>2015-09-14 15:39:44 -0400
commite44233b3de61851f504ee94f8b2c526d6ec200af (patch)
tree1529592c5a748cc32cd9becbf628fd8db0a14161 /x11-misc/slim/files
parenteclass: Add innodb-snappy USE for >=mariadb-10.1.7 to mysql-{cmake,multilib}.... (diff)
downloadgentoo-e44233b3de61851f504ee94f8b2c526d6ec200af.tar.gz
gentoo-e44233b3de61851f504ee94f8b2c526d6ec200af.tar.bz2
gentoo-e44233b3de61851f504ee94f8b2c526d6ec200af.zip
x11-misc/slim: fix pointer arithmetic error
While addressing bug 560088 related to consolekit-1.0, it was found that some pointer arithmetic being used in a malloc and memcpy was wrong and was causing a malloc corruption error. This patch addresses the out-of-bounds indexing. Package-Manager: portage-2.2.20.1
Diffstat (limited to 'x11-misc/slim/files')
-rw-r--r--x11-misc/slim/files/slim-1.3.6-envcpy-bad-pointer-arithmetic.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/x11-misc/slim/files/slim-1.3.6-envcpy-bad-pointer-arithmetic.patch b/x11-misc/slim/files/slim-1.3.6-envcpy-bad-pointer-arithmetic.patch
new file mode 100644
index 000000000000..b3787dd58459
--- /dev/null
+++ b/x11-misc/slim/files/slim-1.3.6-envcpy-bad-pointer-arithmetic.patch
@@ -0,0 +1,15 @@
+--- a/app.cpp 2015-09-14 12:00:00.460481656 -0400
++++ b/app.cpp 2015-09-14 14:41:10.970536588 -0400
+@@ -606,9 +606,9 @@
+
+ n++;
+
+- child_env = static_cast<char**>(malloc(sizeof(char*)*n));
+- memcpy(child_env, old_env, sizeof(char*)*n+1);
+- child_env[n - 1] = StrConcat("XDG_SESSION_COOKIE=", ck.get_xdg_session_cookie());
++ child_env = static_cast<char**>(malloc(sizeof(char*)*(n+1)));
++ memcpy(child_env, old_env, sizeof(char*)*n);
++ child_env[n-1] = StrConcat("XDG_SESSION_COOKIE=", ck.get_xdg_session_cookie());
+ child_env[n] = NULL;
+ }
+ # endif /* USE_CONSOLEKIT */