projects / external / glibc.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4bee4cd) | patch
libio: Fix buffer overrun in tst-ftell-active-handler
authorAdhemerval Zanella <azanella@linux.vnet.ibm.com>
Fri, 5 Dec 2014 12:41:22 +0000 (07:41 -0500)
committerAdhemerval Zanella <azanella@linux.vnet.ibm.com>
Fri, 5 Dec 2014 12:41:22 +0000 (07:41 -0500)
commit9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a
tree8584d933eb5bed98af8b3784a1b3f785c9df8b36tree | snapshot
parent4bee4cd9593610ac1204529076591871b1143c7ecommit | diff
libio: Fix buffer overrun in tst-ftell-active-handler

On 'do_ftell_test' the code:

365           if (test_modes[i].fd_mode != O_WRONLY)
366             {
367               char tmpbuf[data_len];
368
369               rewind (fp);
370
371               while (fgets_func (tmpbuf, sizeof (tmpbuf), fp) && !feof (fp));

The 'data_len' is calculated with wsclen and allocated as 'char'.  The
subsequent fgetws will then try to write at most 'data_len' wchar_t
in a buffer with just data_len 'char'.  This patch fixes it by
allocating the tmpbuf using 'wchar_t' * data_len bytes.
ChangeLog diff | blob | history
libio/tst-ftell-active-handler.c diff | blob | history
Domain: System / Toolchain;