Comment 7 for bug 894782

Steve Beattie (sbeattie) wrote :

Zubin, thanks for updating your patch. I see a couple of issues with your patch:

  - the filter loop quits when \0 is reached at the end of the existing path, but never writes \0 to the end of the filtered string. Any attempts to read the filtered string will run off the end of the malloc(3)ed memory and read whatever memory contents happen to be adjacent to it. It may cause the daemon to crash if it hits an unmapped page.

  - the result of strlen(3) is used to calculate the amount of memory to malloc(3) for the filtered string, but strlen(3) reports the length of the string not including the trailing \0. So the allocated array will not have enough room for you to write the trailing \0 once you do so.

Please address these issues and test your fix once you've done so to verify that you've addressed the issue, as well as consider submitting your patch to the upstream icecast project; poking around their svn tree (http://www.icecast.org/svn.php), it appears this issue is still unfixed there as well.
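
The two defects described in the comment above, shown beside a corrected form, as an added example that is not part of the original comment or the patch under review. The function names and the `keep_byte` predicate (dropping control characters) are assumptions, since the patch itself is not on this page.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical predicate: which bytes the filter drops is an assumption
 * (control characters); the reviewed patch is not shown on this page. */
static int keep_byte(unsigned char c)
{
    return !iscntrl(c);
}

/* "Before" shape as described in the review: undersized buffer and no
 * terminator. Kept for comparison only; it is never called. */
char *filter_path_unsafe(const char *path)
{
    char *out = malloc(strlen(path));   /* strlen excludes '\0': no room for it */
    size_t j = 0;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; path[i] != '\0'; i++)
        if (keep_byte((unsigned char)path[i]))
            out[j++] = path[i];
    return out;                         /* out[j] never written: unterminated */
}

/* Corrected form. The caller frees the result; NULL means malloc failed. */
char *filter_path(const char *path)
{
    size_t len = strlen(path);
    char *out = malloc(len + 1);        /* +1 byte for the trailing '\0' */
    size_t j = 0;

    if (out == NULL)
        return NULL;
    for (size_t i = 0; i < len; i++)
        if (keep_byte((unsigned char)path[i]))
            out[j++] = path[i];
    out[j] = '\0';                      /* j <= len, so this stays in bounds */
    return out;
}
```

The worst case for the allocation is an input in which nothing is filtered: the loop then writes `len` bytes and the terminator lands at index `len`, which is why the buffer must be `len + 1`.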