diff options
| author | Florian Weimer <fweimer@redhat.com> | 2017-08-29 17:33:58 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2017-08-29 17:33:58 +0200 |
| commit | 251bccfa1fcb3568e43546b0df33e052889406c1 (patch) | |
| tree | 29c7966c2fc0ee4fba8cbf1ddf42123a71b0716e /iconv/gconv_db.c | |
| parent | e7c18b9d0aacb02f9d6edffdf4d1e26a54fbfb84 (diff) | |
| download | glibc-251bccfa1fcb3568e43546b0df33e052889406c1.tar.gz glibc-251bccfa1fcb3568e43546b0df33e052889406c1.tar.xz glibc-251bccfa1fcb3568e43546b0df33e052889406c1.zip | |
iconv_open: Fix heap corruption on gconv_init failure [BZ #22026]
Also mangle the __end_fct function pointer on the error handling path.
Diffstat (limited to 'iconv/gconv_db.c')
| -rw-r--r-- | iconv/gconv_db.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/iconv/gconv_db.c b/iconv/gconv_db.c index 7a95aeaeac..96f087192e 100644 --- a/iconv/gconv_db.c +++ b/iconv/gconv_db.c @@ -318,9 +318,14 @@ gen_steps (struct derivation_step *best, const char *toset, if (__builtin_expect (status, __GCONV_OK) != __GCONV_OK) { failed = 1; - /* Make sure we unload this modules. */ - --step_cnt; + /* Do not call the end function because the init + function has failed. */ result[step_cnt].__end_fct = NULL; +# ifdef PTR_MANGLE + PTR_MANGLE (result[step_cnt].__end_fct); +# endif + /* Make sure we unload this module. */ + --step_cnt; break; } } |