Skip to content

Commit 46bfa52

Browse files
authored
Merge pull request #3544 from airween/v3/acmppmfix
fix: heap buffer overflow in acmp pm
2 parents 1919573 + f103e4e commit 46bfa52

File tree

1 file changed

+7
-4
lines changed

1 file changed

+7
-4
lines changed

src/utils/acmp.cc

Lines changed: 7 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -387,17 +387,20 @@ if (parser->is_active != 0) return -1;
387387
child->pattern = (char *)"";
388388
child->letter = letter;
389389
child->depth = i;
390-
child->text = (char *)calloc(1, strlen(pattern) + 2);
390+
child->text = (char *)calloc(1, i + 2);
391391
/* ENH: Check alloc succeded */
392-
for (j = 0; j <= i; j++) child->text[j] = pattern[j];
392+
for (j = 0; j <= i; j++) {
393+
child->text[j] = pattern[j];
394+
}
393395
}
394396
if (i == length - 1) {
395397
if (child->is_last == 0) {
396398
parser->dict_count++;
397399
child->is_last = 1;
398-
child->pattern = (char *)calloc(1, strlen(pattern) + 2);
400+
child->pattern = (char *)calloc(1, length + 1);
399401
/* ENH: Check alloc succeded */
400-
strcpy(child->pattern, pattern);
402+
memcpy(child->pattern, pattern, length);
403+
child->pattern[length] = '\0';
401404
}
402405
child->callback = callback;
403406
child->callback_data = data;

0 commit comments

Comments
 (0)