svf: off-by-one error; do not access after the allocated memory 15/1615/2
authorPaul Fertser <fercerpav@gmail.com>
Tue, 10 Sep 2013 11:14:56 +0000 (15:14 +0400)
committerSpencer Oliver <spen@spen-soft.co.uk>
Fri, 13 Sep 2013 19:34:46 +0000 (19:34 +0000)
Keep the promise and ensure there're at least 3 bytes available after
the current position.

This eliminates the errors reported by Valgrind.

Change-Id: I1d0640e904c750eed808b2b4caf419b4d7619845
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Reviewed-on: http://openocd.zylin.com/1615
Tested-by: jenkins
Reviewed-by: Peter Stuge <peter@stuge.se>
src/svf/svf.c

index 69f75ac..3e7bfbf 100644 (file)
@@ -642,8 +642,9 @@ static int svf_read_command_from_file(FILE *fd)
                                 *  - added space.
                                 *  - terminating NUL ('\0')
                                 */
-                               if ((cmd_pos + 2) >= svf_command_buffer_size) {
-                                       svf_command_buffer = realloc(svf_command_buffer, (cmd_pos + 2));
+                               if (cmd_pos + 3 > svf_command_buffer_size) {
+                                       svf_command_buffer = realloc(svf_command_buffer, cmd_pos + 3);
+                                       svf_command_buffer_size = cmd_pos + 3;
                                        if (svf_command_buffer == NULL) {
                                                LOG_ERROR("not enough memory");
                                                return ERROR_FAIL;