about summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2022-10-07 19:37:56 -0400
committerRich Felker <dalias@aerifal.cx>2022-10-19 14:01:32 -0400
commit5ff3eea91fa6bdce25b3a35644433f68e076beca (patch)
tree8353c65c630a186fde7533897518f5ce2d45d32c /src
parentd8f35e29d0e35a90f44c04de585470c211afddf9 (diff)
downloadmusl-5ff3eea91fa6bdce25b3a35644433f68e076beca.tar.gz
musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.tar.xz
musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.zip
fgets: avoid arithmetic overflow when n==INT_MIN is passed
performing n-- is not a safe operation for arbitrary signed input n.
only perform the decrement in the code path where the initial n is
greater than 1, and adjust the condition in the n<=1 code path to
compensate for it not having been decremented.
Diffstat (limited to 'src')
-rw-r--r--src/stdio/fgets.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/src/stdio/fgets.c b/src/stdio/fgets.c
index 6171f398..4a100b39 100644
--- a/src/stdio/fgets.c
+++ b/src/stdio/fgets.c
@@ -12,13 +12,14 @@ char *fgets(char *restrict s, int n, FILE *restrict f)
 
 	FLOCK(f);
 
-	if (n--<=1) {
+	if (n<=1) {
 		f->mode |= f->mode-1;
 		FUNLOCK(f);
-		if (n) return 0;
+		if (n<1) return 0;
 		*s = 0;
 		return s;
 	}
+	n--;
 
 	while (n) {
 		if (f->rpos != f->rend) {