From 8ff5e0ec497613e578219c9c3d49053c550b9269 Mon Sep 17 00:00:00 2001
From: Zack Weinberg <zackw@panix.com>
Date: Fri, 14 Aug 2015 09:21:44 -0400
Subject: stpncpy: fix size checking [BZ #18975]

I think the last clause of the conditional,

	|| __n <= __bos (__dest)

may be backward.  The code should call the runtime-checking function
if __n is not constant, or if __n is known to be LARGER than the size
of the destination.
---
 ChangeLog | 10 ++++++++++
 1 file changed, 10 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index f510bea1bd..67d3517f88 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-08-15  Zack Weinberg  <zackw@panix.com>
+
+	[BZ #18975]
+	* string/bits/string3.h (stpncpy): Call __stpncpy_chk if the
+	buffer length is known to be too large, not if it's known to be
+	small enough.
+	* debug/tst-chk1.c (do_test): Do all tests for catching a buffer
+	overflow at runtime, involving a length parameter, twice: once
+	with a compile-time constant length parameter, once without.
+
 2015-08-14  Joseph Myers  <joseph@codesourcery.com>
 
 	[BZ #18824]
-- 
cgit 1.4.1