From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Wed, 23 Sep 2009 12:20:45 +0000 (+0200)
Subject: fix buffer overflow in textbox when reflowing (CVE-2009-2905)
X-Git-Tag: r0-52-11~4
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9e3bf9df5d98e9f047e457f47017a3f4d076f2dc;p=thirdparty%2Fnewt.git

fix buffer overflow in textbox when reflowing (CVE-2009-2905)
---

diff --git a/textbox.c b/textbox.c
index c9dd88d..ec75446 100644
--- a/textbox.c
+++ b/textbox.c
@@ -175,7 +175,7 @@ static void doReflow(const char * text, char ** resultPtr, int width,
 
     if (resultPtr) {
 	/* XXX I think this will work */
-	result = malloc(strlen(text) + (strlen(text) / width) + 2);
+	result = malloc(strlen(text) + (strlen(text) / (width - 1)) + 2);
 	*result = '\0';
     }