Hello,

Have had a look at CVE-2016-7392 in autotrace, from a quick glance at source code, the code does:

    XMALLOC(pstoedit_suffix_table, sizeof(char *) * 2 * (dd_tmp - dd_start) + 1);

Which I believe is the same as:

    XMALLOC(pstoedit_suffix_table, (sizeof(char *) * 2 * (dd_tmp - dd_start)) + 1);

i.e. the code leaves room for one byte at the end. However we store a (char *) at the very end. Which I think might be more than one byte:

    pstoedit_suffix_table[2 * (dd_tmp - dd_start)] = NULL;

So possibly that expression should be:

    XMALLOC(pstoedit_suffix_table, (sizeof(char *) * 2 * (dd_tmp - dd_start)) + (sizeof(char *)));

Regards
--
Brian May <br...@linuxpenguins.xyz>
https://linuxpenguins.xyz/brian/
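
The size arithmetic from the message above, worked through as an added example (it is not autotrace code and not part of the original post). Here n stands for (dd_tmp - dd_start), and alloc_suffix_table is a hypothetical helper that sizes the table in elements instead of bytes and rejects counts whose size would wrap.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* n stands for (dd_tmp - dd_start) in the expressions quoted in the message. */

/* Bytes requested by the expression as quoted from the source. */
size_t bytes_as_quoted(size_t n) { return sizeof(char *) * 2 * n + 1; }

/* Bytes requested by the expression the message proposes. */
size_t bytes_as_proposed(size_t n) { return sizeof(char *) * 2 * n + sizeof(char *); }

/* Offset one past the last byte written by table[2 * n] = NULL. */
size_t terminator_end(size_t n) { return (2 * n + 1) * sizeof(char *); }

/* Bytes by which the terminator store runs past an allocation of `have` bytes. */
size_t overrun(size_t have, size_t n)
{
    size_t need = terminator_end(n);
    return need > have ? need - have : 0;
}

/* Hypothetical helper: NULL-terminated table of 2 * n entries, counted in
   elements so the terminator slot is a whole pointer; NULL on overflow. */
char **alloc_suffix_table(size_t n)
{
    char **table;

    if (n > (SIZE_MAX / sizeof(char *) - 1) / 2)
        return NULL;                 /* 2 * n + 1 elements would wrap size_t */
    table = calloc(2 * n + 1, sizeof(char *));
    if (table != NULL)
        table[2 * n] = NULL;         /* explicit terminator, now in bounds */
    return table;
}

int main(void)
{
    size_t n = 3;                    /* constructed sample count */
    char **t = alloc_suffix_table(n);

    printf("quoted:   %zu bytes, overrun %zu\n", bytes_as_quoted(n),
           overrun(bytes_as_quoted(n), n));
    printf("proposed: %zu bytes, overrun %zu\n", bytes_as_proposed(n),
           overrun(bytes_as_proposed(n), n));
    free(t);
    return 0;
}
```
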