authorH. Peter Anvin <hpa@zytor.com>2008-09-01 10:56:33 -0700
committerH. Peter Anvin <hpa@zytor.com>2008-09-01 10:56:33 -0700
commit91fb6f16264ba3b2cde01b0dc35e672e024d4d28 (patch)
tree5d2bb28b7faa3e8865f8ad48116dece1652f21d4
parent5c10c17ba08731677ce8f4a9a3f8005fb60fe987 (diff)
BR 2048950: fix crash due to mmacro list overflow
When allocating the buffer for an mmacro list, we apparently failed to guarantee space for the terminating NULL. This almost certainly caused the crash described in BR 2048950, and quite possibly BR 1284169.
-rw-r--r--preproc.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/preproc.c b/preproc.c
index e7a42528..99e89289 100644
--- a/preproc.c
+++ b/preproc.c
@@ -1434,7 +1434,8 @@ static void count_mmac_params(Token * t, int *nparam, Token *** params)
*nparam = paramsize = 0;
*params = NULL;
while (t) {
- if (*nparam >= paramsize) {
+ /* +1: we need space for the final NULL */
+ if (*nparam+1 >= paramsize) {
paramsize += PARAM_DELTA;
*params = nasm_realloc(*params, sizeof(**params) * paramsize);
}
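Review bot: The spare slot for the terminating NULL is only guaranteed once the loop body has run at least once: if `t` is NULL on entry, the `while (t)` loop is skipped and `*params` stays NULL with `*nparam` at 0. The code that stores the terminator is outside this hunk (count_mmac_params starts and ends beyond it), so it is worth confirming that no caller writes `(*params)[*nparam] = NULL` on that empty-list path. The new comment also explains the `+1` but not the resulting contract; a header comment on the function such as `/* On return *params has room for *nparam + 1 entries, or is NULL if the list is empty */` would let callers rely on the invariant instead of rediscovering it.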