From 5e531d1af9aa28b1d89c72b65cba034baa2a05a3 Mon Sep 17 00:00:00 2001 From: Timo Kokkonen Date: Sun, 29 Jan 2017 17:03:00 +0200 Subject: [PATCH] onewire_parser: Fix crash caused by off by one memory allocation The entries in sensor list always start with either server address or mount point, which is not counted as a sensor. If we want to count the actual number of sensors, we obviously need to add one more to the last index number, otherwise we get one too small number for sensors and allocate too little of memory for the parser state. Signed-off-by: Timo Kokkonen --- onewire_parser.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/onewire_parser.c b/onewire_parser.c index 937400b..decc133 100644 --- a/onewire_parser.c +++ b/onewire_parser.c @@ -23,13 +23,15 @@ static struct owparser_state *allocate_parser_state(const char **datastr) { int i; - /* Count how many sensor entries we need */ + /* + * Count how many sensor entries we need. First entry belongs + * to server address or mount point and last one is NULL. So + * the index final is the count of actual valid sensor + * entries. + */ for (i = 0; datastr[i]; i++) ; - /* The first entry belongs to server address or mount point */ - i--; - return calloc(sizeof(struct owparser_state), i); } -- 2.45.0