regedit: Need 3 bytes of room at end of buffer for \r\n\0 to avoid endless loop. (resend)

Wed Nov 25 22:22:40 CST 2015

From: Jiaxing Wang <hello.wjx at gmail.com>

Signed-off-by: Sebastian Lackner <sebastian at fds-team.de>
---

Without this fix regedit deadlocks when trying to import the following file: http://ix.io/j1Y
(md5sum: 6928e59d2c1a92666377a088a1523666)

 programs/regedit/regproc.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/programs/regedit/regproc.c b/programs/regedit/regproc.c
index 643b559..2d766de 100644
--- a/programs/regedit/regproc.c
+++ b/programs/regedit/regproc.c
@@ -641,7 +641,7 @@ static void processRegLinesA(FILE *in, char* first_chars)
             /* Do we need to expand the buffer ? */
             assert (s >= line && s <= line + lineSize);
             size_remaining = lineSize - (s-line);
-            if (size_remaining < 2) /* room for 1 character and the \0 */
+            if (size_remaining < 3) /* need at least 3 bytes of room for \r\n\0 */
             {
                 char *new_buffer;
                 size_t new_size = lineSize + REG_VAL_BUF_SIZE;
-- 
2.6.2

