dl_open_worker: Memset all of seen array.

The seen array was doubled in size recently, but the memset to clear
the array was not adjusted. We adjust the memset to always be correct
regardless of the size of seen.

---

2013-04-06  Carlos O'Donell  <carlos@redhat.com>

	[BZ #15309]
	* elf/dl-open.c (dl_open_worker): memset all of seen array.

diff --git a/ChangeLog b/ChangeLog
index dbb7af5..197ea24 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-04-06  Carlos O'Donell  <carlos@redhat.com>
+
+       [BZ #15309]
+       * elf/dl-open.c (dl_open_worker): memset all of seen array.
+
 2013-04-06  Marko Myllynen  <myllynen@redhat.com>
 
        [BZ #15264]

diff --git a/NEWS b/NEWS
index e5c8c86..5644a59 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -13,7 +13,8 @@ Version 2.18
   14176, 14200, 14317, 14327, 14478, 14496, 14686, 14812, 14920, 14964,
   14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023, 15036,
   15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283, 15285,
-  15287, 15304, 15305, 15307, 15327, 15330, 15335, 15336, 15337, 15342.
+  15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337,
+  15342.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).

diff --git a/elf/dl-open.c b/elf/dl-open.c
index 201d95d..9ff5f57 100644 (file)
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -344,7 +344,7 @@ dl_open_worker (void *a)
   if (nmaps > 1)
     {
       uint16_t seen[nmaps];
-      memset (seen, '\0', nmaps);
+      memset (seen, '\0', sizeof (seen));
       size_t i = 0;
       while (1)
        {