Fix invalid pointer dereference in wcpcpy_chk

author Szabolcs Nagy <szabolcs.nagy@arm.com>

Tue, 21 Jun 2022 14:57:48 +0000 (15:57 +0100)

committer Szabolcs Nagy <szabolcs.nagy@arm.com>

Fri, 28 Oct 2022 10:15:28 +0000 (11:15 +0100)
author Szabolcs Nagy <szabolcs.nagy@arm.com>
Tue, 21 Jun 2022 14:57:48 +0000 (15:57 +0100)
committer Szabolcs Nagy <szabolcs.nagy@arm.com>
Fri, 28 Oct 2022 10:15:28 +0000 (11:15 +0100)
diff --git a/debug/wcpcpy_chk.c b/debug/wcpcpy_chk.c

index bc2be43..d44fb47 100644 (file)
--- a/debug/wcpcpy_chk.c
+++ b/debug/wcpcpy_chk.c
@@ -28,13 +28,12 @@ __wcpcpy_chk (wchar_t *dest, const wchar_t *src, size_t destlen)
  {
    wchar_t *wcp = (wchar_t *) dest - 1;
    wint_t c;
-  const ptrdiff_t off = src - dest + 1;
  
    do
      {
        if (__glibc_unlikely (destlen-- == 0))
         __chk_fail ();
-      c = wcp[off];
+      c = *src++;
        *++wcp = c;
      }
    while (c != L'\0');
author	Szabolcs Nagy <szabolcs.nagy@arm.com>
	Tue, 21 Jun 2022 14:57:48 +0000 (15:57 +0100)
committer	Szabolcs Nagy <szabolcs.nagy@arm.com>
	Fri, 28 Oct 2022 10:15:28 +0000 (11:15 +0100)