diff options
| author | Martin Sebor <msebor@gmail.com> | 2021-03-01 10:35:39 +0530 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2021-03-01 19:34:49 +0530 |
| commit | 764e9a0334350f52ab6953bef1db97f9b2e89ca5 (patch) | |
| tree | c23ec97333d00aa40e7eb680845d645981d1fc40 /libio | |
| parent | 9fb07fd4e1d6cafecd1807b7a92405bad8e39530 (diff) | |
| download | glibc-764e9a0334350f52ab6953bef1db97f9b2e89ca5.zip glibc-764e9a0334350f52ab6953bef1db97f9b2e89ca5.tar.gz glibc-764e9a0334350f52ab6953bef1db97f9b2e89ca5.tar.bz2 | |
Correct buffer end pointer in IO_wdefault_doallocate (BZ #26874)
An experimental build of GCC 11 with an enhanced -Warray-bounds
reports a bug in IO_wdefault_doallocate where the function forms
an invalid past-the-end pointer to an allocated wchar_t buffer
by failingf to consider the scaling by sizeof (wchar_t).
The fix path below corrects this problem. It keeps the buffer
size the same as opposed to increasing it according to what other
code like it does.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'libio')
| -rw-r--r-- | libio/wgenops.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/libio/wgenops.c b/libio/wgenops.c index 3ae6995..106ddfd 100644 --- a/libio/wgenops.c +++ b/libio/wgenops.c @@ -379,12 +379,11 @@ libc_hidden_def (_IO_wdoallocbuf) int _IO_wdefault_doallocate (FILE *fp) { - wchar_t *buf; - - buf = malloc (BUFSIZ); + wchar_t *buf = (wchar_t *)malloc (BUFSIZ); if (__glibc_unlikely (buf == NULL)) return EOF; - _IO_wsetb (fp, buf, buf + BUFSIZ, 1); + + _IO_wsetb (fp, buf, buf + BUFSIZ / sizeof *buf, 1); return 1; } libc_hidden_def (_IO_wdefault_doallocate) |