From a4b148435268ea0bd783a5b109b6a12c4850631b Mon Sep 17 00:00:00 2001
From: Frerich Raabe <raabe@froglogic.com>
Date: Tue, 9 Feb 2016 08:43:51 +0100
Subject: Fixed out of bounds access when calling su/sudo

The memory block allocated for the execv() arguments was too small,
causing subsequent code to invoke undefined behavior.

Change-Id: Ic0b1e03ddc07e3147ef0d920f18d86276b21e222
Reviewed-by: Katja Marttila <katja.marttila@theqtcompany.com>
---
 src/libs/installer/adminauthorization_x11.cpp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/libs/installer/adminauthorization_x11.cpp b/src/libs/installer/adminauthorization_x11.cpp
index 20eacf1cc..f451f344e 100644
--- a/src/libs/installer/adminauthorization_x11.cpp
+++ b/src/libs/installer/adminauthorization_x11.cpp
@@ -238,7 +238,7 @@ bool AdminAuthorization::execute(QWidget *parent, const QString &program, const
         for (int i = 3; i < static_cast<int>(rlp.rlim_cur); ++i)
             ::close(i);
 
-        char **argp = (char **) ::malloc(arguments.count() + 4 * sizeof(char *));
+        char **argp = (char **) ::malloc((arguments.count() + 4) * sizeof(char *));
         QList<QByteArray> args;
         args.push_back(SU_COMMAND);
         args.push_back("-b");
-- 
cgit v1.2.3