diff options
author | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2017-12-19 14:27:09 -0200 |
---|---|---|
committer | Adhemerval Zanella <adhemerval.zanella@linaro.org> | 2017-12-19 15:52:12 -0200 |
commit | d711a00f93fa964f41a53839228598fbf1a6b482 (patch) | |
tree | e3134a0dd41c5a72036c8534a79cd3f0dd132a78 /posix | |
parent | 6f58c10dedc6f3be2b537e15219c4dfe49163d8e (diff) | |
download | glibc-d711a00f93fa964f41a53839228598fbf1a6b482.zip glibc-d711a00f93fa964f41a53839228598fbf1a6b482.tar.gz glibc-d711a00f93fa964f41a53839228598fbf1a6b482.tar.bz2 |
glob: pacify fuzzer for mempcpy
Problem reported by Tim Rühsen [1]. Sync with gnulib 0e14f025d2.
[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
Checked on x86_64-linux-gnu.
* lib/glob.c (glob): Do not pass NULL to mempcpy.
Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
Diffstat (limited to 'posix')
-rw-r--r-- | posix/glob.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/posix/glob.c b/posix/glob.c index cb39779..511ec4b 100644 --- a/posix/glob.c +++ b/posix/glob.c @@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int), { size_t home_len = strlen (p->pw_dir); size_t rest_len = end_name == NULL ? 0 : strlen (end_name); + char *d; if (__glibc_unlikely (malloc_dirname)) free (dirname); @@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int), } malloc_dirname = 1; } - *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len), - end_name, rest_len)) = '\0'; + d = mempcpy (dirname, p->pw_dir, home_len); + if (end_name != NULL) + d = mempcpy (d, end_name, rest_len); + *d = '\0'; dirlen = home_len + rest_len; dirname_modified = 1; |