author | Andreas Schwab <schwab@suse.de> | 2018-07-24 18:02:28 +0200 |
---|---|---|
committer | Andreas Schwab <schwab@suse.de> | 2018-07-25 10:50:03 +0200 |
commit | 9c79cec8cd2a6996a73aa83d79b360ffd4bebde6 (patch) | |
tree | ddebd7034d3a0abdc8054bfeb627673adc15d383 | |
parent | 969c3355069215f1c1cad800a822d0b303fdc1fa (diff) | |
Fix out of bounds access in findidxwc (bug 23442)
If usrc is a prefix of cp but one character shorter, an out-of-bounds
access to usrc was done.
-rw-r--r-- | ChangeLog | 6 | ||||
-rw-r--r-- | locale/weightwc.h | 6 |
2 files changed, 9 insertions, 3 deletions
@@ -1,3 +1,9 @@
+2018-07-25 Andreas Schwab <schwab@suse.de>
+
+ [BZ #23442]
+ * locale/weightwc.h (findidx): Handle the case where usrc is a
+ prefix of cp but one character too short.
+
 2018-07-24 Adhemerval Zanella <adhemerval.zanella@linaro.org>
 
 * NEWS: Add ISO C threads addition.
diff --git a/locale/weightwc.h b/locale/weightwc.h
index 36c65b5..7ee335d 100644
--- a/locale/weightwc.h
+++ b/locale/weightwc.h
@@ -109,7 +109,7 @@ findidx (const int32_t *table,
 break;
 DIAG_POP_NEEDS_COMMENT;
 
- if (cnt < nhere - 1)
+ if (cnt < nhere - 1 || cnt == len)
 {
 cp += 2 * nhere;
 continue;
@@ -121,14 +121,14 @@ findidx (const int32_t *table,
 same reason as described above. */
 DIAG_PUSH_NEEDS_COMMENT;
 DIAG_IGNORE_Os_NEEDS_COMMENT (7, "-Wmaybe-uninitialized");
- if (cp[nhere - 1] > usrc[nhere -1])
+ if (cp[nhere - 1] > usrc[nhere - 1])
 {
 cp += 2 * nhere;
 continue;
 }
 DIAG_POP_NEEDS_COMMENT;
 
- if (cp[2 * nhere - 1] < usrc[nhere -1])
+ if (cp[2 * nhere - 1] < usrc[nhere - 1])
 {
 cp += 2 * nhere;
 continue;
|
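Review bot: The new `cnt == len` test in the first locale/weightwc.h hunk (`@@ -109,7 +109,7 @@`) has no comment, so nothing in the code says that it guards the `usrc[nhere - 1]` reads in the following hunk. Going by the commit message, len appears to bound how many elements of usrc may be read; I would put `/* usrc is exhausted after len elements; usrc[nhere - 1] below would read past its end.  */` directly above the `if`. The diffstat lists only ChangeLog and locale/weightwc.h, so the fix lands without a regression test. A small test that pushes an input one element shorter than a range entry through the wide-character collation path, run under a memory checker, would keep the bound from regressing. The loop that sets cnt and the rest of findidx lie outside the hunk.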