From e79bd02f0a534117fe76827b0b615ac3ed8f813b Mon Sep 17 00:00:00 2001
From: Jef Driesen
Date: Tue, 26 Aug 2014 18:44:44 +0200
Subject: [PATCH] Fix a buffer overflow. The 6 byte logbook entry gets prepended to the profile data. We need to take this into account when allocating the memory buffer. Under normal circumstances this shouldn't be a problem, because a single dive is usually much smaller than the profile ringbuffer. But it's better to be on the safe side.
---
 src/diverite_nitekq.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/diverite_nitekq.c b/src/diverite_nitekq.c
index e032fb6..661588f 100644
--- a/src/diverite_nitekq.c
+++ b/src/diverite_nitekq.c
@@ -372,7 +372,7 @@ diverite_nitekq_extract_dives (dc_device_t *abstract, const unsigned char data[]
 data += SZ_PACKET;
 // Allocate memory.
- unsigned char *buffer = (unsigned char *) malloc (RB_PROFILE_END - RB_PROFILE_BEGIN);
+ unsigned char *buffer = (unsigned char *) malloc (SZ_LOGBOOK + RB_PROFILE_END - RB_PROFILE_BEGIN);
 if (buffer == NULL) {
 ERROR (context, "Failed to allocate memory.");
 return DC_STATUS_NOMEMORY;
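Review bot: The enlarged allocation `SZ_LOGBOOK + RB_PROFILE_END - RB_PROFILE_BEGIN` is safe only if the code that fills `buffer` never copies more than one logbook entry plus one full ringbuffer of profile data, and nothing in this hunk enforces that. The copy code and the length computation are outside the hunk, since the body of `diverite_nitekq_extract_dives` starts before it and continues after it. Because that length presumably comes from pointers in the device-supplied `data[]`, the copy site should check it explicitly against `RB_PROFILE_END - RB_PROFILE_BEGIN` and return an error status when it is exceeded, if it does not already. I would also record the sizing rule above the `malloc`, for example `// Room for one logbook entry (SZ_LOGBOOK) prepended to at most a full profile ringbuffer.`, so the two sizes stay in step when the layout changes.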