From 3eed6a6f0a400763313bc5dca6e3b22a75166dbe Mon Sep 17 00:00:00 2001
From: Érico Nogueira <ericonr@disroot.org>
Date: Sat, 10 Jul 2021 00:24:59 -0300
Subject: fix error checking in pthread_getname_np

len is unsigned and can never be smaller than 0. though unlikely, an
error in read() would have lead to an out of bounds write to name.

Reported-by: Michael Forney <mforney@mforney.org>
---
 src/thread/pthread_getname_np.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/thread/pthread_getname_np.c b/src/thread/pthread_getname_np.c
index 48d1a294..85504e45 100644
--- a/src/thread/pthread_getname_np.c
+++ b/src/thread/pthread_getname_np.c
@@ -17,7 +17,7 @@ int pthread_getname_np(pthread_t thread, char *name, size_t len)
 
 	snprintf(f, sizeof f, "/proc/self/task/%d/comm", thread->tid);
 	pthread_setcancelstate(PTHREAD_CANCEL_DISABLE, &cs);
-	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) < 0) status = errno;
+	if ((fd = open(f, O_RDONLY|O_CLOEXEC)) < 0 || (len = read(fd, name, len)) == -1) status = errno;
 	else name[len-1] = 0; /* remove trailing new line only if successful */
 	if (fd >= 0) close(fd);
 	pthread_setcancelstate(cs, 0);
-- 
cgit 1.4.1