mirror of https://github.com/ericonr/erm.git
Fix UB with the path.
- we were allocating plen+nlen+1 and accessing plen+nlen+1; the correct allocation size should have been plen+nlen+2, because it needed to fit the null byte and the slash - printing buf after it's been added to queue gets into a race condition where it can be freed before it's printed
This commit is contained in:
parent
948783245d
commit
0e80093346
4
remove.c
4
remove.c
|
@ -150,14 +150,14 @@ remove_dir:
|
|||
n++;
|
||||
|
||||
size_t nlen = strlen(entry->d_name);
|
||||
char *buf = malloc(plen + nlen + 1);
|
||||
char *buf = malloc(plen + nlen + 2);
|
||||
memcpy(buf, p->path, plen);
|
||||
buf[plen] = '/';
|
||||
memcpy(buf+plen+1, entry->d_name, nlen);
|
||||
buf[plen+nlen+1] = '\0';
|
||||
|
||||
queue_add(q, buf, entry->d_type, p);
|
||||
printf("adding to queue'%s'\n", buf);
|
||||
queue_add(q, buf, entry->d_type, p);
|
||||
}
|
||||
/* this store doesn't need to be atomic, since we release the mutex below */
|
||||
atomic_store_explicit(&p->rc, n, memory_order_relaxed);
|
||||
|
|
Loading…
Reference in New Issue