diff options
| author | Mike Frysinger <vapier@gentoo.org> | 2015-08-28 17:08:49 -0400 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2015-08-29 18:12:23 -0400 |
| commit | f2cdbadd8a078482d3b9fc2b59e888c64cc4efae (patch) | |
| tree | cee1ec32fd3df81ab593a95dd0bb260ed5a88db7 /NEWS | |
| parent | 978908245b2c0f759100708a9966649f7b273664 (diff) | |
| download | glibc-f2cdbadd8a078482d3b9fc2b59e888c64cc4efae.tar.gz glibc-f2cdbadd8a078482d3b9fc2b59e888c64cc4efae.tar.xz glibc-f2cdbadd8a078482d3b9fc2b59e888c64cc4efae.zip | |
getmntent: fix memory corruption w/blank lines [BZ #18887]
The fix for BZ #17273 introduced a single byte of memory corruption when the line is entirely blank. It would walk back past the start of the buffer if the heap happened to be 0x20 or 0x09 and then write a NUL byte. buffer = '\n'; end_ptr = buffer; while (end_ptr[-1] == ' ' || end_ptr[-1] == '\t') end_ptr--; *end_ptr = '\0'; Fix that and rework the tests. Adding the testcase for BZ #17273 to the existing \040 parser does not really make sense as it's unrelated, and leads to confusing behavior: it implicitly relies on the new entry being longer than the previous entry (since it just rewinds the FILE*). Split it out into its own dedicated testcase instead. (cherry picked from commit b0e805fa0d6fea33745952df7b7f5442ca4c374f)
Diffstat (limited to 'NEWS')
| -rw-r--r-- | NEWS | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/NEWS b/NEWS index e3588fce7a..52116d585a 100644 --- a/NEWS +++ b/NEWS @@ -9,7 +9,7 @@ Version 2.21.1 * The following bugs are resolved with this release: - 17269, 17949, 18032, 18287, 18694. + 17269, 17949, 18032, 18287, 18694, 18887. * A buffer overflow in gethostbyname_r and related functions performing DNS requests has been fixed. If the NSS functions were called with a |