ao-tools: Fix buffer overflow in lib/ao-hex.c

ao_hex_file_create allocated a buffer too short when writing EOF.

Signed-off-by: Keith Packard <keithp@keithp.com>

diff --git a/ao-tools/lib/ao-hex.c b/ao-tools/lib/ao-hex.c
index 73f3d7bed61dde5534fe03631ff62e4b563f49c9..c275baafb2c296b41c011f7872c3c1d4d34330f0 100644 (file)
--- a/ao-tools/lib/ao-hex.c
+++ b/ao-tools/lib/ao-hex.c
@@ -565,7 +565,7 @@ ao_hex_file_create(struct ao_hex_image *image, struct ao_sym *symbols, int num_s
 
        /* Stick an EOF after the data
         */
-       record = calloc(sizeof (struct ao_hex_record), 1);
+       record = calloc(1,sizeof (struct ao_hex_record) + 2);
        record->type = AO_HEX_RECORD_EOF;
        record->address = 0;
        record->length = 0;