clamav-devel June 2008 archive

[Clamav-devel] Silly code in clamav-0.93.1/shared/cfgparser.c

From: David F. Skoll <dfs_at_nospam>
Date: Thu Jun 12 2008 - 14:35:11 GMT


Just auditing the ClamAV code, I see:

    289  char *cpy = (char *) calloc(strlen(arg), 1);
    290  strncpy(cpy, arg, strlen(arg) - 1);
    291  cpy[strlen(arg)-1]='\0';

Ummm... whaaa???

Surely you mean:

    cpy = strdup(arg);

At the very least, you need to check the return from calloc().


David.
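
Added example, not part of the original message and not ClamAV code: a checked version of the copy quoted above. It keeps the quoted lines' behaviour of dropping the last character of arg, tests the allocation, and handles an empty arg, where strlen(arg) - 1 wraps to SIZE_MAX and strncpy() would zero-pad far past the buffer. The name copy_without_last and the sample inputs are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name not from ClamAV): returns a heap copy of arg
 * without its final character, or NULL if arg is NULL or allocation fails.
 * The caller frees the result. */
char *copy_without_last(const char *arg)
{
    size_t len, keep;
    char *cpy;

    if (arg == NULL)
        return NULL;

    len = strlen(arg);
    /* In the quoted code, len == 0 makes "len - 1" wrap to SIZE_MAX. */
    keep = (len > 0) ? len - 1 : 0;

    cpy = malloc(keep + 1);          /* room for the terminator */
    if (cpy == NULL)                 /* the check the message asks for */
        return NULL;

    memcpy(cpy, arg, keep);
    cpy[keep] = '\0';
    return cpy;
}

int main(void)
{
    /* Constructed sample inputs: a normal value, one character, empty. */
    const char *samples[] = { "value\n", "x", "" };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        char *cpy = copy_without_last(samples[i]);
        if (cpy == NULL) {
            fprintf(stderr, "allocation failed\n");
            return 1;
        }
        printf("in length %zu -> out \"%s\"\n", strlen(samples[i]), cpy);
        free(cpy);
    }
    return 0;
}
```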