libdpkg: Do not segfault on varbufdupc after extending the buffer

Store the old used size instead of the precomputed address, as
varbufextend might change the buffer from under us.

diff --git a/ChangeLog b/ChangeLog
index fd9fd9a91b8be507f62bf65812dda80f898c91f5..b512d807e5bc11eddad15e08fe38df5ef693e25d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-06-19  Guillem Jover  <guillem@debian.org>
+
+       * lib/varbuf.c (varbufdupc): Store the old used size instead of the
+       precomputed address, as varbufextend might change the buffer from
+       under us.
+
 2008-06-17  Guillem Jover  <guillem@debian.org>
 
        * scripts/dpkg-divert.pl: Do not silently force --rename on --remove.

diff --git a/lib/varbuf.c b/lib/varbuf.c
index ffcc544cf2754437cd335a53f1f5446010c35084..67722d256406b2a34e248af33945106275aa2e81 100644 (file)
--- a/lib/varbuf.c
+++ b/lib/varbuf.c
@@ -35,11 +35,12 @@ varbufaddc(struct varbuf *v, int c)
 }
 
 void varbufdupc(struct varbuf *v, int c, ssize_t n) {
-  char *b = v->buf + v->used;
+  size_t old_used = v->used;
+
   v->used += n;
   if (v->used >= v->size) varbufextend(v);
 
-  memset(b, c, n);
+  memset(v->buf + old_used, c, n);
 }
 
 int varbufprintf(struct varbuf *v, const char *fmt, ...) {