diff options
author | Rich Felker <dalias@aerifal.cx> | 2022-10-07 19:37:56 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2022-10-19 14:01:32 -0400 |
commit | 5ff3eea91fa6bdce25b3a35644433f68e076beca (patch) | |
tree | 8353c65c630a186fde7533897518f5ce2d45d32c /src | |
parent | d8f35e29d0e35a90f44c04de585470c211afddf9 (diff) | |
download | musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.tar.gz musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.tar.xz musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.zip |
fgets: avoid arithmetic overflow when n==INT_MIN is passed
performing n-- is not a safe operation for arbitrary signed input n. only perform the decrement in the code path where the initial n is greater than 1, and adjust the condition in the n<=1 code path to compensate for it not having been decremented.
Diffstat (limited to 'src')
-rw-r--r-- | src/stdio/fgets.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/src/stdio/fgets.c b/src/stdio/fgets.c index 6171f398..4a100b39 100644 --- a/src/stdio/fgets.c +++ b/src/stdio/fgets.c @@ -12,13 +12,14 @@ char *fgets(char *restrict s, int n, FILE *restrict f) FLOCK(f); - if (n--<=1) { + if (n<=1) { f->mode |= f->mode-1; FUNLOCK(f); - if (n) return 0; + if (n<1) return 0; *s = 0; return s; } + n--; while (n) { if (f->rpos != f->rend) { |