From: José Fonseca
Date: Thu, 27 Oct 2011 12:23:17 +0000 (+0100)
Subject: Fix buffer overflow when manipulating extensions string.
X-Git-Url: https://git.cworth.org/git?a=commitdiff_plain;h=0287384264fec99576668b89e1ec37d8e93a65bb;p=apitrace
Fix buffer overflow when manipulating extensions string.
---
diff --git a/glcaps.cpp b/glcaps.cpp
index fed12d7..2f16b63 100644
--- a/glcaps.cpp
+++ b/glcaps.cpp
@@ -32,6 +32,7 @@
 */
+#include
 #include
 #include
@@ -81,7 +82,11 @@ overrideExtensionsString(const char *extensions)
 extra_extensions_len += extra_extension_len + 1;
 }
- char *new_extensions = (char *)malloc(extensions_len + 1 + extra_extensions_len);
+ // We use malloc memory instead of a std::string because we need to ensure
+ // that extensions strings will not move in memory as the extensionsMap is
+ // updated.
+ size_t new_extensions_len = extensions_len + 1 + extra_extensions_len + 1;
+ char *new_extensions = (char *)malloc(new_extensions_len);
 if (!new_extensions) {
 return extensions;
 }
@@ -102,7 +107,8 @@ overrideExtensionsString(const char *extensions)
 extensions_len += extra_extension_len;
 new_extensions[extensions_len++] = ' ';
 }
- new_extensions[extensions_len] = '\0';
+ new_extensions[extensions_len++] = '\0';
+ assert(extensions_len <= new_extensions_len);
 extensionsMap[extensions] = new_extensions;
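Review bot: The new size expression `extensions_len + 1 + extra_extensions_len + 1` in the `@@ -81,7 +82,11 @@` hunk leaves both `+ 1` terms unexplained, and a miscounted byte in this sum is what the commit title describes as the buffer overflow. A one-line comment above it would make the accounting checkable, for example `// original string + ' ' separator + extras (each followed by ' ') + '\0'`. The separator term is inferred, because the code that writes it lies between the two hunks and is not visible here. overrideExtensionsString begins and ends outside the hunk.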
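Review bot: The added `assert(extensions_len <= new_extensions_len);` in the `@@ -102,7 +107,8 @@` hunk runs only after every byte, including the terminator, has already been stored, and it is compiled out when NDEBUG is defined. It therefore reports an overrun in debug builds but never prevents one, and a release build would still write past the allocation silently if the sizing pass and the copy pass disagree again. Consider checking the bound before each extension is copied, e.g. `assert(extensions_len + extra_extension_len + 1 < new_extensions_len);`, or at least mark the existing line with `// debug-only invariant; checked after the writes`. The copy loop starts outside this hunk, so the exact placement needs confirming against the full function.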