Skip to content

Commit

Permalink
Fixed bug 2966 - Memory corruption in read_config_file() function
Browse files Browse the repository at this point in the history 
Nitz

#define MAXWORDS 10
In read_config_file() function:

      char tmp[PATH_MAX], *w[MAXWORDS], *cp;

      while (w[words] && (words < MAXWORDS))
      {
        w[++words]=strtok(0," \t\r\n\240");
        if (w[words] && w[words][0]=='#') break;
      }
Overrunning of array w happen at the index of 10.
  • Loading branch information
@slouken
slouken committed May 5, 2015
1 parent 7676d70 commit 6a21313
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion timidity/timidity.c
View file
Expand Up @@ -56,7 +56,7 @@ static int read_config_file(const char *name)
line++;
w[words=0]=strtok(tmp, " \t\r\n\240");
if (!w[0] || (*w[0]=='#')) continue;
while (w[words] && (words < MAXWORDS))
while (w[words] && (words < (MAXWORDS-1)))
{
w[++words]=strtok(0," \t\r\n\240");
if (w[words] && w[words][0]=='#') break;
Expand Down

0 comments on commit 6a21313

Please sign in to comment.