From 9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a Mon Sep 17 00:00:00 2001
From: Adhemerval Zanella <azanella@linux.vnet.ibm.com>
Date: Fri, 5 Dec 2014 07:41:22 -0500
Subject: libio: Fix buffer overrun in tst-ftell-active-handler

On 'do_ftell_test' the code:

365           if (test_modes[i].fd_mode != O_WRONLY)
366             {
367               char tmpbuf[data_len];
368
369               rewind (fp);
370
371               while (fgets_func (tmpbuf, sizeof (tmpbuf), fp) && !feof (fp));

The 'data_len' is calculated with wsclen and allocated as 'char'.  The
subsequent fgetws will then try to write at most 'data_len' wchar_t
in a buffer with just data_len 'char'.  This patch fixes it by
allocating the tmpbuf using 'wchar_t' * data_len bytes.
---
 ChangeLog | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'ChangeLog')

diff --git a/ChangeLog b/ChangeLog
index f3dc8421fd..fede1bbcec 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-12-05  Adhemerval Zanella  <azanella@linux.vnet.ibm.com>
+
+	* libio/tst-ftell-active-handler.c (do_ftell_test): Fix buffer overrun
+	for wide-character tests.
+
 2014-12-04  Roland McGrath  <roland@hack.frob.com>
 
 	* io/openat64.c: #include <libc-internal.h>
-- 
cgit 1.4.1