In the file programs/util.c, the function mallocAndJoin2Dir has the following code:
    static char* mallocAndJoin2Dir(const char *dir1, const char *dir2) {
        const size_t dir1Size = strlen(dir1);
        const size_t dir2Size = strlen(dir2);
        char *outDirBuffer;
        ...
        outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
        ...
        buffer = outDirBuffer + dir1Size;
        trailingChar = *(buffer - 1);
    }
When dir1Size=0 (i.e., dir1=""), the access *(buffer - 1) is out of bounds: buffer then equals outDirBuffer, so the read lands one byte before the start of the allocation.
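One way to guard the read described above, as an added example that is not the project's code or its fix. The function name join2dir_checked, the '/' separator and the join logic that the excerpt elides are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_SEP_ASSUMED '/'  /* assumption: the separator is not shown in the excerpt */

/* Hypothetical hardened join. Caller frees the result.
 * Returns NULL on NULL input, size wrap-around or allocation failure. */
static char *join2dir_checked(const char *dir1, const char *dir2)
{
    size_t dir1Size, dir2Size;
    char *out, *buffer;

    if (dir1 == NULL || dir2 == NULL) return NULL;
    dir1Size = strlen(dir1);
    dir2Size = strlen(dir2);

    /* dir1Size + dir2Size + 2 must not wrap before it reaches malloc */
    if (dir1Size > SIZE_MAX - 2 || dir2Size > SIZE_MAX - 2 - dir1Size) return NULL;

    out = malloc(dir1Size + dir2Size + 2);
    if (out == NULL) return NULL;

    memcpy(out, dir1, dir1Size);
    buffer = out + dir1Size;

    /* Read buffer[-1] only when dir1 is non-empty. With dir1 == "",
     * buffer == out and buffer[-1] would be one byte before the block. */
    if (dir1Size > 0 && buffer[-1] != PATH_SEP_ASSUMED) {
        *buffer++ = PATH_SEP_ASSUMED;
    }
    memcpy(buffer, dir2, dir2Size);
    buffer[dir2Size] = '\0';
    return out;
}

int main(void)
{
    /* Constructed inputs: empty dir1, dir1 without and with a trailing separator */
    const char *cases[][2] = { {"", "out"}, {"a", "b"}, {"a/", "b"} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        char *p = join2dir_checked(cases[i][0], cases[i][1]);
        printf("\"%s\" + \"%s\" -> \"%s\"\n", cases[i][0], cases[i][1], p ? p : "(null)");
        free(p);
    }
    return 0;
}
```

Building the unguarded form with -fsanitize=address and passing dir1="" is a quick way to confirm the one-byte read before the allocation.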