diff options
author | Rich Felker <dalias@aerifal.cx> | 2012-04-16 13:03:22 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2012-04-16 13:03:22 -0400 |
commit | bef7a85e45ccc4b40958ca6d94894ca0d27e8291 (patch) | |
tree | 1e356f77efee602e3ef9b4fa45de76069482096b | |
parent | f007bb854b0b2d2d12cd45a8feb674fa9abe70b2 (diff) | |
download | musl-bef7a85e45ccc4b40958ca6d94894ca0d27e8291.tar.gz musl-bef7a85e45ccc4b40958ca6d94894ca0d27e8291.tar.xz musl-bef7a85e45ccc4b40958ca6d94894ca0d27e8291.zip |
fix crash in wordfree if we_offs is not initialized by the caller
I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
-rw-r--r-- | src/misc/wordexp.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/misc/wordexp.c b/src/misc/wordexp.c index 4a3efc7b..34fc900a 100644 --- a/src/misc/wordexp.c +++ b/src/misc/wordexp.c @@ -82,6 +82,8 @@ static int do_wordexp(const char *s, wordexp_t *we, int flags) if (we->we_offs > SIZE_MAX/sizeof(void *)/4) return WRDE_NOSPACE; i += we->we_offs; + } else { + we->we_offs = 0; } if (pipe(p) < 0) return WRDE_NOSPACE; |