diff options
| author | Florian Weimer <fweimer@redhat.com> | 2023-12-04 06:35:56 +0100 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2023-12-04 06:35:56 +0100 |
| commit | b9390ba93676c4b1e87e218af5e7e4bb596312ac (patch) | |
| tree | f694a007f883e7234e2f698b3f508a9cf1f9a600 /stdlib/qsort.c | |
| parent | d776a59723b22192d33557d2127e13cb31905382 (diff) | |
| download | glibc-b9390ba93676c4b1e87e218af5e7e4bb596312ac.tar.gz glibc-b9390ba93676c4b1e87e218af5e7e4bb596312ac.tar.xz glibc-b9390ba93676c4b1e87e218af5e7e4bb596312ac.zip | |
stdlib: Fix array bounds protection in insertion sort phase of qsort
The previous check did not do anything because tmp_ptr already
points before run_ptr due to the way it is initialized.
Fixes commit e4d8117b82065dc72e8df80097360e7c05a349b9
("stdlib: Avoid another self-comparison in qsort").
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'stdlib/qsort.c')
| -rw-r--r-- | stdlib/qsort.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/stdlib/qsort.c b/stdlib/qsort.c index be01fb5598..62477010b6 100644 --- a/stdlib/qsort.c +++ b/stdlib/qsort.c @@ -238,7 +238,7 @@ insertion_sort_qsort_partitions (void *const pbase, size_t total_elems, while ((run_ptr += size) <= end_ptr) { tmp_ptr = run_ptr - size; - while (run_ptr != tmp_ptr && cmp (run_ptr, tmp_ptr, arg) < 0) + while (tmp_ptr != base_ptr && cmp (run_ptr, tmp_ptr, arg) < 0) tmp_ptr -= size; tmp_ptr += size; |