From c68a229e0913247588a5a0836a8c99b18eec2502 Mon Sep 17 00:00:00 2001
From: Yorhel <git@yorhel.nl>
Date: Wed, 28 Apr 2010 10:08:45 +0200
Subject: [PATCH] Fixed buffer overflow when some directories can't be scanned

Also changed other occurences of the same situation to use the same
checking method (>= rather than a +1) for consistency.

Fixes bug #2981704.
---
 ChangeLog  | 1 +
 src/calc.c | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8674caf..d98653a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -2,6 +2,7 @@ git - ?
 	- List the detected hard links in file info window
 	- Count the size a hard linked file once for each directory it appears in
 	- Fixed crash on browsing dirs with a small window size (#2991787)
+	- Fixed buffer overflow when some directories can't be scanned (#2981704)
 	- Improved browsing performance
 	- Various minor fixes
 
diff --git a/src/calc.c b/src/calc.c
index 451273d..78afde0 100644
--- a/src/calc.c
+++ b/src/calc.c
@@ -247,7 +247,7 @@ int calc_dir(struct dir *dest, char *name) {
 
   /* open & chdir into directory */
   if((dir = opendir(name)) == NULL || chdir(name) < 0) {
-    if(lasterrl < (int)strlen(curpath)) {
+    if(lasterrl <= (int)strlen(curpath)) {
       lasterrl = strlen(curpath)+1;
       lasterr = realloc(lasterr, lasterrl);
     }
@@ -465,7 +465,7 @@ int calc_process() {
 
   /* update curpath */
   if(strcmp(name, ".")) {
-    if((int)strlen(path)+1 > curpathl) {
+    if(curpathl <= (int)strlen(path)) {
       curpathl = strlen(path)+1;
       curpath = realloc(curpath, curpathl);
     }
@@ -532,7 +532,7 @@ void calc_init(char *dir, struct dir *org) {
   if(curpathl == 0) {
     curpathl = strlen(dir)+1;
     curpath = malloc(curpathl);
-  } else if(curpathl < (int)strlen(dir)+1) {
+  } else if(curpathl <= (int)strlen(dir)) {
     curpathl = strlen(dir)+1;
     curpath = realloc(curpath, curpathl);
   }
-- 
GitLab