authorFlorian Weimer <fweimer@redhat.com>2016-04-25 14:10:26 +0200
committerFlorian Weimer <fweimer@redhat.com>2016-04-25 14:10:26 +0200
commitfdcf1c9480342d9f5fc2d23f142d621bcb4d00a4 (patch)
tree1678f802177bb5f37a058e857a43da5363ab5d8e /stdio-common/vfprintf.c
parenta5507dfa60a8b92ba52dadabea88e2b5d91da655 (diff)
vfprintf: Fix memory with large width and precision [BZ #19931]
Free a previously allocated work buffer if it is not large enough.
Diffstat (limited to 'stdio-common/vfprintf.c')
-rw-r--r--stdio-common/vfprintf.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/stdio-common/vfprintf.c b/stdio-common/vfprintf.c
index 6829d4dc8e..f24020a585 100644
--- a/stdio-common/vfprintf.c
+++ b/stdio-common/vfprintf.c
@@ -1564,6 +1564,11 @@ vfprintf (FILE *s, const CHAR_T *format, va_list ap)
 	prec = 0;
       if (prec > width && prec > WORK_BUFFER_SIZE - 32)
 	{
+	  /* Deallocate any previously allocated buffer because it is
+	     too small.  */
+	  if (__glibc_unlikely (workstart != NULL))
+	    free (workstart);
+	  workstart = NULL;
 	  if (__glibc_unlikely (prec >= INT_MAX / sizeof (CHAR_T) - 32))
 	    {
 	      __set_errno (EOVERFLOW);
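Review bot: The added comment above `free (workstart);` explains the deallocation but not the `workstart = NULL;` that follows it, and that reset is what matters for memory safety. The `EOVERFLOW` branch directly below leaves early, so if the function's cleanup path frees `workstart` (not visible in this hunk, to be confirmed), a stale pointer there would be freed a second time. I would extend the comment to say so, for example `/* Deallocate any previously allocated buffer because it is too small, and clear the pointer so the error path below cannot free it again.  */`. It is also worth confirming that any other pointer into the old buffer is reassigned before its next use; the body of vfprintf starts and ends outside this hunk.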