From 8d6c90351c9d4fd8557c250dce18c7e7119fbd64 Mon Sep 17 00:00:00 2001
From: Artem Popov <artem.popov@samsung.com>
Date: Thu, 23 Mar 2017 16:27:22 +0200
Subject: [PATCH] Eina_Xattr: fix memory corruption

Summary:
There should be reallocation +1 (for last '\0') and also
checking >0, not !=0, because of getxattr can return -1 in case of error
@fix

Reviewers: cedric, raster, NikaWhite, jpeg

Reviewed By: NikaWhite

Subscribers: myoungwoon

Tags: #efl

Differential Revision: https://phab.enlightenment.org/D4734
---
 src/lib/eina/eina_xattr.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lib/eina/eina_xattr.c b/src/lib/eina/eina_xattr.c
index d5e6970840..a32ff5306a 100644
--- a/src/lib/eina/eina_xattr.c
+++ b/src/lib/eina/eina_xattr.c
@@ -80,7 +80,7 @@ _eina_xattr_value_ls_fd_iterator_next(Eina_Xattr_Iterator *it, void **data)
    it->offset += strlen(it->attr->name) + 1;
 
    it->attr->length = fgetxattr(it->fd, it->attr->name, NULL, 0);
-   if (it->attr->length)
+   if (it->attr->length > 0)
      {
         tmp = realloc((void*) it->attr->value, it->attr->length + 1);
         if (!tmp)
@@ -115,9 +115,9 @@ _eina_xattr_value_ls_iterator_next(Eina_Xattr_Iterator *it, void **data)
    it->offset += strlen(it->attr->name) + 1;
 
    it->attr->length = getxattr(it->file, it->attr->name, NULL, 0);
-   if (it->attr->length)
+   if (it->attr->length > 0)
      {
-        tmp = realloc((void*) it->attr->value, it->attr->length);
+        tmp = realloc((void*) it->attr->value, it->attr->length + 1);
         if (!tmp)
           {
              free((void*) it->attr->value);