From 7208a313b93a42e3cef61c4249a59b4b32a5850b Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Sat, 6 Apr 2013 17:00:02 -0400 Subject: [PATCH] dl_open_worker: Memset all of seen array. The seen array was doubled in size recently, but the memset to clear the array was not adjusted. We adjust the memset to always be correct regardless of the size of seen. --- 2013-04-06 Carlos O'Donell [BZ #15309] * elf/dl-open.c (dl_open_worker): memset all of seen array. --- ChangeLog | 5 +++++ NEWS | 3 ++- elf/dl-open.c | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index dbb7af5..197ea24 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2013-04-06 Carlos O'Donell + + [BZ #15309] + * elf/dl-open.c (dl_open_worker): memset all of seen array. + 2013-04-06 Marko Myllynen [BZ #15264] diff --git a/NEWS b/NEWS index e5c8c86..5644a59 100644 --- a/NEWS +++ b/NEWS @@ -13,7 +13,8 @@ Version 2.18 14176, 14200, 14317, 14327, 14478, 14496, 14686, 14812, 14920, 14964, 14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283, 15285, - 15287, 15304, 15305, 15307, 15327, 15330, 15335, 15336, 15337, 15342. + 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, + 15342. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/elf/dl-open.c b/elf/dl-open.c index 201d95d..9ff5f57 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -344,7 +344,7 @@ dl_open_worker (void *a) if (nmaps > 1) { uint16_t seen[nmaps]; - memset (seen, '\0', nmaps); + memset (seen, '\0', sizeof (seen)); size_t i = 0; while (1) { -- 2.7.4