From 3453ef724b891a0286c436b28b0b4fd50edc74f4 Mon Sep 17 00:00:00 2001
From: Damon Chaplin
Date: Wed, 31 Oct 2001 05:17:49 +0000
Subject: forgot to account for the spaces added, so it could have been writing over
2001-10-30 Damon Chaplin
* src/libical/icalproperty.c (fold_property_line): forgot to account for the spaces added, so it could have been writing over the end of the allocated memory. Added check for buffer overflow as well. This could well have been the problem causing bug #14067.
svn path=/trunk/; revision=14517
---
libical/ChangeLog | 7 +++++++
libical/src/libical/icalproperty.c | 13 +++++++++----
2 files changed, 16 insertions(+), 4 deletions(-)
diff --git a/libical/ChangeLog b/libical/ChangeLog
index 476b18e158..066d625076 100644
--- a/libical/ChangeLog
+++ b/libical/ChangeLog
@@ -1,3 +1,10 @@
+2001-10-30 Damon Chaplin
+
+ * src/libical/icalproperty.c (fold_property_line): forgot to account
+ for the spaces added, so it could have been writing over the end of
+ the allocated memory. Added check for buffer overflow as well.
+ This could well have been the problem causing bug #14067.
+
 2001-10-30 Damon Chaplin
 * zoneinfo/*.ics: Regenerated all VTIMEZONEs, to be compatable with
diff --git a/libical/src/libical/icalproperty.c b/libical/src/libical/icalproperty.c
index a872b17b7f..331443e3dd 100644
--- a/libical/src/libical/icalproperty.c
+++ b/libical/src/libical/icalproperty.c
@@ -270,18 +270,19 @@ icalproperty_free (icalproperty* prop)
 static char*
 fold_property_line (char *text)
 {
- int len, max_lines, line_length;
+ int len, max_lines, line_length, buf_len;
 char *buf, *src, *dest, ch;
 len = strlen (text);
 /* The minimum length we split a line at is 65 characters, so calculate the maximum number of newlines we will need. */
- max_lines = ((len - 1) / 65);
+ max_lines = len / 65;
 /* Calculate the maximum size for the buffer we need, if we add a newline
- character for each line, and a '\0' at the end. */
- buf = icalmemory_tmp_buffer (len + max_lines + 1);
+ and a space character for each line, and a '\0' at the end. */
+ buf_len = len + (max_lines * 2);
+ buf = icalmemory_tmp_buffer (buf_len + 1);
 src = text;
 dest = buf;
@@ -299,6 +300,10 @@ fold_property_line (char *text)
 line_length++;
 src++;
+
+ if (dest - buf > buf_len) {
+ icalerror_warn ("Buffer overflow.");
+ }
 }
 *dest = '\0';
-- cgit v1.2.3
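Review bot: In the `@@ -270,18 +270,19 @@` hunk of icalproperty.c the buffer size is computed in plain `int`: `len = strlen (text)` narrows a `size_t`, and `buf_len = len + (max_lines * 2)` can overflow for a very long property line before the result reaches `icalmemory_tmp_buffer`. The text being folded presumably can originate from parsed calendar data, so the length arithmetic is better done in an unsigned size type, e.g. `size_t len, max_lines, buf_len;` with `line_length` declared separately; the `dest - buf > buf_len` comparison in the later hunk would then need a matching cast. The pointer returned by `icalmemory_tmp_buffer` is also assigned to `dest` without a NULL check in the visible lines, and whether that call can fail is not shown here. The function body continues outside the hunk.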
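Review bot: The check added in the `@@ -299,6 +300,10 @@` hunk of icalproperty.c sits at the end of the loop iteration, after the stores through `dest`, and it only calls `icalerror_warn`, so by the time it fires the write past the allocation has already happened and both the loop and the final `*dest = '\0'` continue past it. To bound the copy rather than report it afterwards, the test belongs before the stores and must leave the loop, for example `if (dest - buf + needed > buf_len) { icalerror_warn ("Buffer overflow."); break; }`. Here `needed` is the number of bytes the iteration is about to emit, presumably 3 when a fold is inserted and 1 otherwise; the fold logic is outside the hunk, so that count needs confirming against the full loop. A short comment such as `/* Never store past buf[buf_len]; the last slot is reserved for the '\0'. */` would record the invariant next to the guard.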