From c2c6d39fab901c97c18fa3a3a3658d9dc3f7df61 Mon Sep 17 00:00:00 2001 From: Paul Pluzhnikov Date: Mon, 2 Mar 2015 13:34:22 -0800 Subject: Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch --- posix/fnmatch_loop.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'posix/fnmatch_loop.c') diff --git a/posix/fnmatch_loop.c b/posix/fnmatch_loop.c index 72c5d8f041..f46c9dfedb 100644 --- a/posix/fnmatch_loop.c +++ b/posix/fnmatch_loop.c @@ -1036,7 +1036,12 @@ END (const CHAR *pattern) } else if ((*p == L('?') || *p == L('*') || *p == L('+') || *p == L('@') || *p == L('!')) && p[1] == L('(')) - p = END (p + 1); + { + p = END (p + 1); + if (*p == L('\0')) + /* This is an invalid pattern. */ + return pattern; + } else if (*p == L(')')) break; -- cgit 1.4.1
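Review bot: The added comment `/* This is an invalid pattern. */` does not say why a NUL at this point has to end the scan, yet that is the entire memory-safety argument of the fix. A wording such as `/* Nested group ended at the terminator, so this group is never closed; return before p is advanced past the NUL. */` would record the invariant. This assumes the enclosing loop, which starts outside the hunk, increments p before testing it, as the "read past end of buffer" subject line suggests. The new check also covers only the case where the nested call stops exactly on the terminator; a nested call that fails and hands back its argument (by the same `return pattern` convention) leaves p on `(`, so that path still depends on the outer loop's own NUL test, which is worth stating in the function header comment. Separately, `END` recurses once per nested `?(`/`*(`/`+(`/`@(`/`!(` opener, so recursion depth follows the nesting of a caller-supplied pattern, and a depth limit or a documented bound would be a reasonable follow-up.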