Heap corruption while loading database

Library to correct optical lens defects and lens database

Brought to you by: bronger, seebk

This project can now be found here.

#106 Heap corruption while loading database

Status: fixed

Owner: nobody

Labels: None

Updated: 2018-10-03

Created: 2018-10-02

Creator: Andrey Glebov

Private: No

While investigating a heap corruption I was running my application with sanitizers and found that the problem was the folowing code:

char* p = (char*)malloc(strlen(val));
strcpy(p, val);

It results in heap corruption because strlen returns the length without the null-terminator while strcpy copies the null-terminator.
The simplest fix would be to change the allocation code to:

char* p = (char*)malloc(strlen(val) + 1);

I've found such code in 2 places in the current master:
1. libs/lensfun/mount.cpp:63 (in void lfMount::AddCompat (const char *val))
2. libs/lensfun/lens.cpp:183 (in void lfLens::AddMount (const char *val))

Discussion

seebk - 2018-10-03

Thanks for letting us know, it is now fixed in git master.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

seebk - 2018-10-03

status: open --> fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Heap corruption while loading database

Library to correct optical lens defects and lens database

Searches

Help

#106 Heap corruption while loading database

Discussion