From a41214bc9a0f326c6dc129e4a6382efb8b826862 Mon Sep 17 00:00:00 2001
From: Peter Hutterer <peter.hutterer@who-t.net>
Date: Tue, 25 Oct 2011 12:57:07 +1000
Subject: [PATCH] kdrive: check for null memory, fix OOB

If key/value allocation failed, don't bother adding another InputOption. And
make sure the memory allocated is large enough for the trailing \0

Signed-off-by: Peter Hutterer <peter.hutterer@who-t.net>
Reviewed-by: Jeremy Huddleston <jeremyhu@apple.com>
---
 hw/kdrive/src/kinput.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/hw/kdrive/src/kinput.c b/hw/kdrive/src/kinput.c
index a1bbcaace3..6a1ce49e00 100644
--- a/hw/kdrive/src/kinput.c
+++ b/hw/kdrive/src/kinput.c
@@ -1049,10 +1049,15 @@ KdGetOptions (InputOption **options, char *string)
     if (strchr(string, '='))
     {
         tam_key = (strchr(string, '=') - string);
-        key = malloc(tam_key);
+        key = malloc(tam_key + 1);
+        if (!key)
+            goto out;
+
         strncpy(key, string, tam_key);
         key[tam_key] = '\0';
         value = strdup(strchr(string, '=') + 1);
+        if (!value)
+            goto out;
     }
     else
     {
@@ -1064,6 +1069,7 @@ KdGetOptions (InputOption **options, char *string)
     if (newopt)
         *options = newopt;
 
+out:
     free(key);
     free(value);