From 6ed8cf3444d3cf08d3c141eee379042d6354f6fb Mon Sep 17 00:00:00 2001
From: Vadim Kaushan
Date: Fri, 3 Apr 2015 18:17:08 +1100
Subject: [PATCH] pgrep: Off by one in realloc in option handling

The loop that parses options has a of by one bug where the realloc adds one byte, instead of one list element. This is exposed when you try things like: pgrep -t,,,,

Signed-off-by: Craig Small
---
 pgrep.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/pgrep.c b/pgrep.c
index 3ba36343..e24e09d7 100644
--- a/pgrep.c
+++ b/pgrep.c
@@ -160,7 +160,7 @@ static struct el *split_list (const char *restrict str, int (*convert)(const cha
 if (i == size) {
 size = size * 5 / 4 + 4;
 /* add 1 because slot zero is a count */
- list = xrealloc (list, 1 + size * sizeof *list);
+ list = xrealloc (list, (1 + size) * sizeof *list);
 }
 sep_pos = strchr (ptr, ',');
 if (sep_pos)
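Review bot: The comment above the corrected `xrealloc` call still says only "add 1", the same wording that sat over the old byte-versus-element mix-up without flagging it; I would make it `/* slot zero is a count: allocate size + 1 elements, not size elements + 1 byte */`. The old under-allocation presumably let the loop store list entries past the end of the heap buffer, driven directly by a command-line argument. The diffstat shows only pgrep.c changed, so the `pgrep -t,,,,` reproducer from the commit message is not captured as a regression test; adding that case to the test suite and running it under AddressSanitizer would keep it fixed. split_list starts and ends outside the hunk, so whether any other allocation of this list uses the same `(1 + size)` form cannot be checked from here.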