From: Guillem Jover <guillem@debian.org>
Date: Thu, 19 Jun 2008 05:06:00 +0000 (+0300)
Subject: libdpkg: Do not segfault on varbufdupc after extending the buffer
X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b3e03cf33bda6b6061c1aced6ac63bbcd874e9a6;p=dpkg

libdpkg: Do not segfault on varbufdupc after extending the buffer

Store the old used size instead of the precomputed address, as
varbufextend might change the buffer from under us.
---

diff --git a/ChangeLog b/ChangeLog
index fd9fd9a9..b512d807 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2008-06-19  Guillem Jover  <guillem@debian.org>
+
+	* lib/varbuf.c (varbufdupc): Store the old used size instead of the
+	precomputed address, as varbufextend might change the buffer from
+	under us.
+
 2008-06-17  Guillem Jover  <guillem@debian.org>
 
 	* scripts/dpkg-divert.pl: Do not silently force --rename on --remove.
diff --git a/lib/varbuf.c b/lib/varbuf.c
index ffcc544c..67722d25 100644
--- a/lib/varbuf.c
+++ b/lib/varbuf.c
@@ -35,11 +35,12 @@ varbufaddc(struct varbuf *v, int c)
 }
 
 void varbufdupc(struct varbuf *v, int c, ssize_t n) {
-  char *b = v->buf + v->used;
+  size_t old_used = v->used;
+
   v->used += n;
   if (v->used >= v->size) varbufextend(v);
 
-  memset(b, c, n);
+  memset(v->buf + old_used, c, n);
 }
 
 int varbufprintf(struct varbuf *v, const char *fmt, ...) {