potential memory problem in RPC

Derek Atkins warlord@MIT.EDU
20 Mar 2001 17:14:24 -0500


In some cases not enough memory may be allocated, because
gncQueryTerm and QueryTerm have different sizes.  As a result, the
buffer that is alloc'ed can be smaller than the object copied into it.

This patch will make sure enough space is always alloc'ed for the
conversion.

-derek

Index: src/engine/rpc/RpcUtils.c
===================================================================
RCS file: /home/cvs/cvsroot/gnucash/src/engine/rpc/RpcUtils.c,v
retrieving revision 1.1
diff -u -r1.1 RpcUtils.c
--- src/engine/rpc/RpcUtils.c	2001/03/19 21:49:50	1.1
+++ src/engine/rpc/RpcUtils.c	2001/03/20 22:11:50
@@ -1199,8 +1199,16 @@
       case PD_STRING:
 	PINFO ("BLAH...  It's a string.  I hope it doesn't have a Regex!");
       default:
-	term = malloc (sizeof (*term));
-	memcpy (term, andlist->qt, sizeof (*term));
+	/* Allocate the right size */
+	if (toRpc) {
+	  term = malloc (sizeof (*term));
+	  memset (term, 0, sizeof (*term));
+	} else {
+	  term = malloc (sizeof (*qt));
+	  memset (term, 0, sizeof (*qt));
+	}
+	/* Only copy the smaller size */
+	memcpy (term, andlist->qt, MIN(sizeof (*qt), sizeof(*term)));
       }
 
       /* Set the predicate for non-rpc copies */
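Review bot: Both new malloc() calls are still unchecked, so on allocation failure the memset() and memcpy() that follow write through a NULL pointer; a guard such as `if (!term) return NULL;` (or whatever failure value the enclosing function uses — its start and the rest of its body are outside the hunk) belongs right after the if/else. Since the size is now chosen by direction, the two branches could also collapse into one `size_t sz = toRpc ? sizeof (*term) : sizeof (*qt);` followed by a single calloc(1, sz), which removes the duplicated memset() and keeps the size in one place. The `MIN(sizeof (*qt), sizeof(*term))` copy is only meaningful if the two structs share an identical leading layout up to the smaller size; that assumption is not visible here and deserves a comment such as `/* Copies the common prefix; gncQueryTerm and QueryTerm must agree up to the smaller sizeof */`. I cannot see whether MIN is defined in this file; if it is not, the hunk relies on a macro coming from an unrelated header.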

-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord@MIT.EDU                        PGP key available