From 6d79ddd5da846e6e89129abbfc9754ad0e2e0245 Mon Sep 17 00:00:00 2001 From: peavey Date: Fri, 29 Dec 2006 01:46:13 +0000 Subject: Writing beyond malloc'ed mem of a char pointer will crash with a vengeance. Fix it by actually doing the +1 mentioned in the comment above, but lacking from the actual code. git-svn-id: http://svn.inspircd.org/repository/trunk/inspircd@6152 e03df62e-2008-0410-955e-edbf42e46eb7 --- src/modules/extra/m_mysql.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/modules/extra/m_mysql.cpp b/src/modules/extra/m_mysql.cpp index 2449b5238..19632d669 100644 --- a/src/modules/extra/m_mysql.cpp +++ b/src/modules/extra/m_mysql.cpp @@ -454,7 +454,7 @@ class SQLConnection : public classbase * The +1 is for null-terminating the string for mysql_real_escape_string */ - query = new char[req.query.q.length() + (paramlen*2)]; + query = new char[req.query.q.length() + (paramlen*2) + 1]; queryend = query; /* Okay, now we have a buffer large enough we need to start copying the query into it and escaping and substituting -- cgit v1.2.3