diff options
| author | H.J. Lu <hjl.tools@gmail.com> | 2024-05-25 05:13:41 -0700 |
|---|---|---|
| committer | H.J. Lu <hjl.tools@gmail.com> | 2024-05-27 06:52:45 -0700 |
| commit | f981bf6b9db87e0732b46bfe92fdad4d363225e8 (patch) | |
| tree | 83ca2629f374ce38a59ccffbe21bf02227756778 | |
| parent | ab46c6ba6cc43b18daea6f197030e19303c9f012 (diff) | |
| download | glibc-f981bf6b9db87e0732b46bfe92fdad4d363225e8.zip glibc-f981bf6b9db87e0732b46bfe92fdad4d363225e8.tar.gz glibc-f981bf6b9db87e0732b46bfe92fdad4d363225e8.tar.bz2 | |
parse_fdinfo: Don't advance pointer twice [BZ #31798]
pidfd_getpid.c has
/* Ignore invalid large values. */
if (INT_MULTIPLY_WRAPV (10, n, &n)
|| INT_ADD_WRAPV (n, *l++ - '0', &n))
return -1;
For GCC older than GCC 7, INT_ADD_WRAPV(a, b, r) is defined as
_GL_INT_OP_WRAPV (a, b, r, +, _GL_INT_ADD_RANGE_OVERFLOW)
and *l++ - '0' is evaluated twice. Fix BZ #31798 by moving "l++" out of
the if statement. Tested with GCC 6.4 and GCC 14.1.
Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
| -rw-r--r-- | sysdeps/unix/sysv/linux/pidfd_getpid.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sysdeps/unix/sysv/linux/pidfd_getpid.c b/sysdeps/unix/sysv/linux/pidfd_getpid.c index ebcbe8f..6967477 100644 --- a/sysdeps/unix/sysv/linux/pidfd_getpid.c +++ b/sysdeps/unix/sysv/linux/pidfd_getpid.c @@ -74,8 +74,10 @@ parse_fdinfo (const char *l, void *arg) /* Ignore invalid large values. */ if (INT_MULTIPLY_WRAPV (10, n, &n) - || INT_ADD_WRAPV (n, *l++ - '0', &n)) + || INT_ADD_WRAPV (n, *l - '0', &n)) return -1; + + l++; } /* -1 indicates that the process is terminated. */ |