authorCarlos O'Donell <carlos@redhat.com>2013-04-06 17:00:02 -0400
committerCarlos O'Donell <carlos@redhat.com>2013-04-06 17:00:02 -0400
commit7208a313b93a42e3cef61c4249a59b4b32a5850b (patch)
treee3477b3755f18bfe5ab0f7bfc86ba54139047316
parent872c0acd85bd158d1c226f290b606d0e7717a2a1 (diff)
dl_open_worker: Memset all of seen array.
The seen array was doubled in size recently, but the memset to clear
the array was not adjusted. We adjust the memset to always be correct
regardless of the size of seen.

---

2013-04-06  Carlos O'Donell  <carlos@redhat.com>

	[BZ #15309]
	* elf/dl-open.c (dl_open_worker): memset all of seen array.
-rw-r--r--ChangeLog5
-rw-r--r--NEWS3
-rw-r--r--elf/dl-open.c2
3 files changed, 8 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index dbb7af5b84..197ea247ad 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2013-04-06  Carlos O'Donell  <carlos@redhat.com>
+
+	[BZ #15309]
+	* elf/dl-open.c (dl_open_worker): memset all of seen array.
+
 2013-04-06  Marko Myllynen  <myllynen@redhat.com>
 
 	[BZ #15264]
diff --git a/NEWS b/NEWS
index e5c8c864d3..5644a59a75 100644
--- a/NEWS
+++ b/NEWS
@@ -13,7 +13,8 @@ Version 2.18
   14176, 14200, 14317, 14327, 14478, 14496, 14686, 14812, 14920, 14964,
   14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023, 15036,
   15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283, 15285,
-  15287, 15304, 15305, 15307, 15327, 15330, 15335, 15336, 15337, 15342.
+  15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337,
+  15342.
 
 * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla
   #15078).
diff --git a/elf/dl-open.c b/elf/dl-open.c
index 201d95d1be..9ff5f5736d 100644
--- a/elf/dl-open.c
+++ b/elf/dl-open.c
@@ -344,7 +344,7 @@ dl_open_worker (void *a)
   if (nmaps > 1)
     {
       uint16_t seen[nmaps];
-      memset (seen, '\0', nmaps);
+      memset (seen, '\0', sizeof (seen));
       size_t i = 0;
       while (1)
 	{
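Review bot: `uint16_t seen[nmaps];` is a variable-length array on the stack, and nothing visible in this hunk bounds `nmaps` before that declaration, so stack use grows with the number of maps being sorted. The value of `nmaps` is computed outside the hunk, so it may already be limited there; if it is not, a size check with a heap fallback for large counts would be safer than relying on the stack. The corrected `memset` is right because `sizeof (seen)` on a VLA is evaluated at run time, and a short comment such as `/* seen is a VLA: sizeof yields nmaps * sizeof (uint16_t) at run time.  */` would keep a later reader from reverting it to an element count. As a minor style point, `0` reads more naturally than `'\0'` as the fill value for a `uint16_t` array. The body of `dl_open_worker` starts and ends outside this hunk.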