From 9b7affe0b1e6512c6c73d19e1220c94fdb5c8159 Mon Sep 17 00:00:00 2001
From: "A. Wilcox"
Date: Sat, 28 Jul 2018 19:06:33 -0500
Subject: [PATCH] tuple: Ensure buf length is always >= 1 in dequote
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If a key is defined with no value, dequote will allocate a buffer with a length of 0. Since the buffer's length is 0, any manipulation of its content is UB.

Example .pc file:

prefix=/usr
exec_prefix=${prefix}
libdir=${exec_prefix}/lib
includedir=${prefix}/include
xcflags=
xlibs= -lSM -lICE -lX11

Name: Obt
Description: Openbox Toolkit Library
Version: 3.6
Requires: glib-2.0 libxml-2.0
Libs: -L${libdir} -lobt ${xlibs}
Cflags: -I${includedir}/openbox/3.6 ${xcflags}

Output using pkgconf 1.5.2 on x86_64 Linux/musl:

% pkgconf --cflags obt-3.5
-I/usr/include/openbox/3.6 \�\\�I\�\ -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libxml2
---
 libpkgconf/tuple.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libpkgconf/tuple.c b/libpkgconf/tuple.c
index 26dc5d5..8523709 100644
--- a/libpkgconf/tuple.c
+++ b/libpkgconf/tuple.c
@@ -139,7 +139,7 @@ pkgconf_tuple_find_delete(pkgconf_list_t *list, const char *key)
 static char *
 dequote(const char *value)
 {
- char *buf = calloc(strlen(value) * 2, 1);
+ char *buf = calloc((strlen(value) + 1) * 2, 1);
  char *bptr = buf;
  const char *i;
  char quote = 0;
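Review bot: The result of the enlarged calloc on the `+` line is still never checked before `char *bptr = buf;` takes it as the write cursor, so an allocation failure becomes a write through NULL further down in dequote, whose body continues past the end of this hunk. Adding `if (buf == NULL) return NULL;` immediately after the calloc, with dequote's callers checking for NULL, would close that path; with only 7 lines of the function visible I cannot tell whether callers already tolerate a NULL return. The sizing expression also deserves a why-comment, because `(strlen(value) + 1) * 2` reads as arbitrary on its own: something like `/* worst case: every input byte is emitted escaped (2 bytes), plus the NUL terminator */`, assuming that is what the copy loop below does, which the hunk does not show. Note the subject line promises a length `>= 1`, while the new expression actually guarantees at least 2 bytes even for an empty value.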