chdir: fixing a malloc'ed buffer that was not large enough

(mem corruption)

diff --git a/libc-bottom-half/sources/chdir.c b/libc-bottom-half/sources/chdir.c
index 7820448ee193a78538e83f0d2bc9802ed35142fb..1a102db20e8ba6dbb2f6b7fb3b8bbc54cd3eab1e 100644 (file)
--- a/libc-bottom-half/sources/chdir.c
+++ b/libc-bottom-half/sources/chdir.c
@@ -46,7 +46,7 @@ int chdir(const char *path)
     size_t len = strlen(abs) + 1;
     int copy_relative = strcmp(relative_buf, ".") != 0;
     int mid = copy_relative && abs[0] != 0;
-    char *new_cwd = malloc(len + (copy_relative ? strlen(relative_buf) + mid: 0));
+    char *new_cwd = malloc(len + (copy_relative ? strlen(relative_buf) + mid: 0)+1);
     if (new_cwd == NULL) {
         errno = ENOMEM;
         return -1;
@@ -54,7 +54,7 @@ int chdir(const char *path)
     new_cwd[0] = '/';
     strcpy(new_cwd + 1, abs);
     if (mid)
-        new_cwd[strlen(abs) + 1] = '/';
+        new_cwd[len] = '/';
     if (copy_relative)
         strcpy(new_cwd + 1 + mid + strlen(abs), relative_buf);
 
@@ -95,9 +95,10 @@ static const char *make_absolute(const char *path) {
     int need_slash = __wasilibc_cwd[cwd_len - 1] == '/' ? 0 : 1;
     size_t alloc_len = cwd_len + path_len + 1 + need_slash;
     if (alloc_len > make_absolute_len) {
-        make_absolute_buf = realloc(make_absolute_buf, alloc_len);
-        if (make_absolute_buf == NULL)
+        char *tmp = realloc(make_absolute_buf, alloc_len);
+        if (tmp == NULL)
             return NULL;
+        make_absolute_buf = tmp;
         make_absolute_len = alloc_len;
     }
     strcpy(make_absolute_buf, __wasilibc_cwd);