snac2

Fork of https://codeberg.org/grunfink/snac2
git clone https://git.inz.fi/snac2

commit ea9c030249cb3db7a923c8e546df9897e0a39384
parent 632bbe475c2d948cdae4eaba3367b9e65c5ff141
Author: Saagar Jha <saagar@saagarjha.com>
Date:   Mon, 10 Apr 2023 01:34:48 -0700

Fix heap overflow from curl-originating buffers

Most of xs.h seems to expect that buffers are rounded up to block size,
so we should preserve that invariant here. (In particular, xs_expand
will avoid calling xs_realloc if the new size fits in the same block,
which means that if we don't pad out the data it will expand out of the
memory we're allocated.)

Diffstat:
M xs_curl.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/xs_curl.h b/xs_curl.h @@ -55,7 +55,7 @@ static int _data_callback(void *buffer, size_t size, /* open space */ pd->size += sz; - pd->data = xs_realloc(pd->data, pd->size + 1); + pd->data = xs_realloc(pd->data, _xs_blk_size(pd->size + 1)); /* copy data */ memcpy(pd->data + pd->offset, buffer, sz);
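
Review bot: the changed xs_realloc line in _data_callback has no comment saying why the size is passed through _xs_blk_size, and the existing "/* open space */" comment above it does not mention the block-size invariant the commit message describes. A one-line comment there (that xs_expand skips xs_realloc when the new size fits in the same block, so the buffer must be allocated in whole blocks) would keep a later edit from silently dropping the rounding. Because the commit message says most of xs.h relies on this invariant, consider also enforcing it inside xs_realloc or a small wrapper so that individual call sites do not have to remember it. Separately, the result of xs_realloc is assigned directly to pd->data and used by the memcpy on the next line; if xs_realloc can return NULL, that needs a check before the copy.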