libio: Fix buffer overrun in tst-ftell-active-handler - mirror/glibc - mirror of git://sourceware.org/git/glibc.git

diff options

author	Adhemerval Zanella <azanella@linux.vnet.ibm.com>	2014-12-05 07:41:22 -0500
committer	Adhemerval Zanella <azanella@linux.vnet.ibm.com>	2014-12-05 07:41:22 -0500
commit	9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a (patch)
tree	8584d933eb5bed98af8b3784a1b3f785c9df8b36 /nptl/pthread_rwlock_timedwrlock.c
parent	4bee4cd9593610ac1204529076591871b1143c7e (diff)
download	glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.tar.gz glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.tar.xz glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.zip

libio: Fix buffer overrun in tst-ftell-active-handler

On 'do_ftell_test' the code:

365           if (test_modes[i].fd_mode != O_WRONLY)
366             {
367               char tmpbuf[data_len];
368
369               rewind (fp);
370
371               while (fgets_func (tmpbuf, sizeof (tmpbuf), fp) && !feof (fp));

The 'data_len' is calculated with wsclen and allocated as 'char'.  The
subsequent fgetws will then try to write at most 'data_len' wchar_t
in a buffer with just data_len 'char'.  This patch fixes it by
allocating the tmpbuf using 'wchar_t' * data_len bytes.

Diffstat (limited to 'nptl/pthread_rwlock_timedwrlock.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: