From 5f1ad860b74a1117c612886872260ecf6e7ec36e Mon Sep 17 00:00:00 2001
From: Sergei Trofimovich
Date: Wed, 12 Aug 2009 12:37:32 +0300
Subject: [PATCH] Ticket #1527: heap corruption detected on large filenames Fix bug, introduced in 27fbf91c28f68a8fd6c8ebf358588e80e21452d3 commit. Really allocate 'dirent + NAME_MAX + 1', instead of sizeof(void*) + NAME_MAX + 1.
Signed-off-by: Sergei Trofimovich
---
 vfs/vfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/vfs/vfs.c b/vfs/vfs.c
index d6f7bfcc9..d42599ceb 100644
--- a/vfs/vfs.c
+++ b/vfs/vfs.c
@@ -789,7 +789,7 @@ mc_readdir (DIR *dirp)
 * structures, holding dirent size. But we don't use it in libc infrastructure.
 * TODO: to make simpler homemade dirent-alike structure.
 */
- mc_readdir_result = (struct dirent *)malloc(sizeof(struct dirent *) + NAME_MAX + 1);
+ mc_readdir_result = (struct dirent *)malloc(sizeof(struct dirent) + NAME_MAX + 1);
 }
 if (!dirp) {
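Review bot: The return value of the corrected `malloc` is not checked before the enclosing block closes on the next line, so an allocation failure leaves `mc_readdir_result` NULL for whatever later code in `mc_readdir` fills the entry in. That code lies outside the hunk, so either confirm it tolerates NULL or add `if (!mc_readdir_result) return NULL;` directly after the call. The new size also only guarantees room for a name of up to `NAME_MAX` bytes plus the terminator. The copy into `d_name` (not visible here) should therefore be bounded by that capacity rather than by the length of the name a VFS backend returns, otherwise a longer name would presumably reintroduce the same heap overwrite. A short comment on the allocation, such as `/* sizeof(struct dirent) already covers the fixed fields; NAME_MAX + 1 is the guaranteed d_name capacity */`, would record the invariant the copy has to respect.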