From 202585da4315df1c68e6619d8097b06aaac98bbc Mon Sep 17 00:00:00 2001
From: Sergey Bugaev
Date: Tue, 9 May 2023 00:31:21 +0300
Subject: boot: Fix use-after-realloc
Message-Id: <20230508213136.608575-27-bugaevc@gmail.com>
---
 boot/boot.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'boot/boot.c')
diff --git a/boot/boot.c b/boot/boot.c
index b661f09c..144ca1c3 100644
--- a/boot/boot.c
+++ b/boot/boot.c
@@ -486,15 +486,16 @@ read_boot_script (char **buffer, size_t *length)
 if (p == buf + len)
 {
 char *newbuf;
+ size_t newlen = len + 500;
- len += 500;
- newbuf = realloc (buf, len);
+ newbuf = realloc (buf, newlen);
 if (!newbuf)
 {
 write (2, memmsg, sizeof (memmsg));
 host_exit (1);
 }
- p = newbuf + (p - buf);
+ p = newbuf + len;
+ len = newlen;
 buf = newbuf;
 }
 }
-- 
cgit v1.2.3
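Review bot: The new `p = newbuf + len;` is correct only because of the enclosing `if (p == buf + len)` guard, and nothing on the added lines records that dependency. If the guard is ever loosened (say to `>=`, or to grow before the buffer is completely full), `p` would land at the wrong offset in the new buffer without any compiler diagnostic. I would add a comment above the assignment, e.g. `/* p == buf + len here; buf is indeterminate once realloc succeeds, so rebuild p from len, never from p - buf. */`, and keep the ordering note that `len` must be updated only after `p` is recomputed. read_boot_script begins and ends outside this hunk, so how `p` and `len` feed the read call is not visible here.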