glib-unix.c: fix heap corruption in g_unix_get_passwd_entry

malloc() was given too small value (size of pointer, rather than struct it points to), and subsequent call getpwnam_r() wrote past the end of allocated block - easily seen with valgrind. Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
2024-11-08 10:26:16 +01:00 · 2020-04-01 00:51:39 +02:00 · 2020-04-01 00:51:39 +02:00 · 473b3b4ce4
commit 473b3b4ce4
parent 50355361e6
1 changed files with 1 additions and 1 deletions
--- a/glib/glib-unix.c
+++ b/glib/glib-unix.c
@ -485,7 +485,7 @@ g_unix_get_passwd_entry (const gchar  *user_name,
       * loop until it’s big enough). Add 6 extra bytes to work around a bug in
       * macOS < 10.3. See #156446.
       */
-      buffer = g_malloc0 (sizeof (buffer) + string_buffer_size + 6);
+      buffer = g_malloc0 (sizeof (*buffer) + string_buffer_size + 6);

      errno = 0;
      retval = getpwnam_r (user_name, &buffer->pwd, buffer->string_buffer,