• Hanno Böck's avatar
    main: fix heap overflow in dbus-launch wrapping · 634ab70d
    Hanno Böck authored
    I have discovered a heap overflow with the help of an address sanitizer.
    
    The require_dbus_session() function has this code:
    
            new_argv = g_malloc (argc + 3 * sizeof (*argv));
    
    The intention is to allocate space for (argc + 3) pointers. However obviously a
    parenthesis is missing, therefore only argc bytes + 3 * pointer size gets
    allocated, which is insufficient space. This leads to invalid memory writes.
    
    The fix is trivial: Parentheses around argc + 3.
    
    https://bugzilla.gnome.org/show_bug.cgi?id=768441
    634ab70d
main.c 14.3 KB