author: Dirk Hohndel <dirk@hohndel.org> 2012-11-19 20:43:49 -0800
committer: Dirk Hohndel <dirk@hohndel.org> 2012-11-19 20:49:45 -0800
commit: 8e4d4970ecf348566046a5fd8aaee13a42b1a7e4 (patch)
tree: d42470e341b0faa241551301562ca2e00cd183a2 /uemis-downloader.c
parent: f3d87a2b164cd605620a8d2e5cd0b35bfc28ce2d (diff)
download: subsurface-8e4d4970ecf348566046a5fd8aaee13a42b1a7e4.tar.gz
Fix another off by one error in Uemis native downloader
And again buffer_insert contained the blatant bug. The code wasn't copying the trailing '\0' when extending the string, which usually didn't end up blowing up the code (and therefore kept the bug hidden until now) because of the way realloc reused memory - we just had trailing garbage strings. But sometimes we weren't so lucky and the strlen in a subsequent call of buffer_insert would run past the end of the allocated buffer. Oops.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
Diffstat (limited to 'uemis-downloader.c')
-rw-r--r-- uemis-downloader.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/uemis-downloader.c b/uemis-downloader.c
index adf400581..cf70776c8 100644
--- a/uemis-downloader.c
+++ b/uemis-downloader.c
@@ -413,7 +413,7 @@ static void buffer_insert(char **buffer, int *buffer_size, char *buf)
*buffer_size += len;
*buffer = realloc(*buffer, *buffer_size);
ptr = *buffer + offset;
- memmove(ptr + len, ptr, strlen(*buffer) - offset);
+ memmove(ptr + len, ptr, strlen(*buffer) - offset + 1);
memmove(ptr, cbuf, len);
}
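Review bot: The realloc() result is stored straight into *buffer with no NULL check, so on allocation failure the old block is leaked and the following `ptr = *buffer + offset` and `strlen(*buffer)` work from a NULL pointer; assign to a temporary, check it, and only then update *buffer and *buffer_size. On the changed memmove line, moving `strlen(*buffer) - offset + 1` bytes to `ptr + len` stays in bounds only if *buffer_size already counted the terminating '\0' before `len` was added, which the visible context does not show. A short comment stating that invariant, or an assert that the moved tail ends within *buffer_size, would help keep this from regressing again.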