utils: Fix out-of-bounds writes

We are adding terminating NUL into res[len]. To avoid the invalid write, let's allocate len + 1. Fixes: ebassi/graphene#168
jtojnar · Aug 25, 2019 · 1333bc9 · 1333bc9
1 parent 822b5dd
commit 1333bc9
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/mutest-utils.c b/src/mutest-utils.c
@@ -162,7 +162,7 @@ mutest_strndup (const char *str,
   if (len >= str_len)
     return mutest_strdup (str);
 
-  char *res = malloc (len * sizeof (char));
+  char *res = malloc ((len + 1) * sizeof (char));
   if (res == NULL)
     mutest_oom_abort ();
 
@@ -367,7 +367,7 @@ string_split (const char *str,
       indent[indent_len] = '\0';
     }
 
-  char *res = malloc (sizeof (char) * len);
+  char *res = malloc (sizeof (char) * (len + 1));
   if (mutest_unlikely (res == NULL))
     mutest_oom_abort ();