main: fix heap overflow in dbus-launch wrapping
I have discovered a heap overflow with the help of an address sanitizer.

The require_dbus_session() function has this code:

    new_argv = g_malloc (argc + 3 * sizeof (*argv));

The intention is to allocate space for (argc + 3) pointers. However obviously a parenthesis is missing, therefore only argc bytes + 3 * pointer size gets allocated, which is insufficient space. This leads to invalid memory writes.

The fix is trivial: Parentheses around argc + 3.

https://bugzilla.gnome.org/show_bug.cgi?id=768441
parent
fdd28635
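The size arithmetic from the commit message, worked through as an added example (not code from this commit or the project): the shortfall comes to argc * (sizeof pointer - 1) bytes, so it grows with the number of arguments. The `wrap_argv` helper and its layout (two launcher entries, the original arguments, a NULL terminator) are assumptions, and it uses libc `calloc` with a separate count and size rather than the commit's own parenthesised `g_malloc` call.

```c
#include <stddef.h>
#include <stdlib.h>

/* Bytes requested by the expression quoted in the commit message:
 * operator precedence makes it argc + (3 * sizeof (*argv)). */
size_t buggy_bytes(int argc, char **argv)
{
    return (size_t)argc + 3 * sizeof(*argv);
}

/* Bytes needed for the (argc + 3) pointers the message says were intended. */
size_t needed_bytes(int argc, char **argv)
{
    return ((size_t)argc + 3) * sizeof(*argv);
}

/* How many bytes of pointer writes land past the undersized buffer. */
size_t overrun_bytes(int argc, char **argv)
{
    return needed_bytes(argc, argv) - buggy_bytes(argc, argv);
}

/* Hypothetical hardened wrapper (assumed layout, see lead-in).
 * calloc takes element count and element size as separate arguments,
 * so the precedence slip cannot occur, and the allocator rejects a
 * count * size product that would overflow. */
char **wrap_argv(int argc, char **argv, char *launcher, char *option)
{
    char **new_argv;
    int i;

    if (argc < 0)
        return NULL;
    new_argv = calloc((size_t)argc + 3, sizeof(*new_argv));
    if (new_argv == NULL)
        return NULL;
    new_argv[0] = launcher;
    new_argv[1] = option;
    for (i = 0; i < argc; i++)
        new_argv[i + 2] = argv[i];
    new_argv[argc + 2] = NULL;
    return new_argv;
}
```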