From 2c8be80a254fb8fd1d19fb305a3438d681dec704 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Fri, 28 Oct 2022 15:04:09 +1300
Subject: [PATCH] lib/base: Correct realloc() paramters, to allocate one more byte, not 1 byte

The entry condition here is p == pend so this is really just 1 + p - p, eg just 1.

Signed-off-by: Andrew Bartlett
---
 lib/base/json.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/lib/base/json.c b/lib/base/json.c
index a4ca83845..23928b3a1 100644
--- a/lib/base/json.c
+++ b/lib/base/json.c
@@ -962,7 +962,12 @@ parse_string(struct parse_ctx *ctx)
 /* NUL-terminate for rk_base64_decode() and plain paranoia */
 if (p0 != NULL && p == pend) {
- char *tmp = realloc(p0, 1 + pend - p);
+ /*
+ * Work out how far p is into p0 to re-esablish p after
+ * the realloc()
+ */
+ size_t p0_to_pend_len = (pend - p0);
+ char *tmp = realloc(p0, 1 + p0_to_pend_len);
 if (tmp == NULL) {
 ctx->error = heim_error_create_enomem();