aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog4
-rw-r--r--libio/iogetdelim.c10
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 878af27..171a4bc 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
2005-10-13 Ulrich Drepper <drepper@redhat.com>
+ [BZ #1405]
+ * libio/iogetdelim.c (_IO_getdelim): Fix truncation of return
+ value. Avoid overflow in computation.
+
[BZ #1373]
* argp/argp.h: Remove __NTH for __argp_usage inline function.
diff --git a/libio/iogetdelim.c b/libio/iogetdelim.c
index 3d0c976..a362bf9 100644
--- a/libio/iogetdelim.c
+++ b/libio/iogetdelim.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1994,1996,1997,1998,2001,2003 Free Software Foundation, Inc.
+/* Copyright (C) 1994,1996-1998,2001,2003,2005 Free Software Foundation, Inc.
This file is part of the GNU C Library.
The GNU C Library is free software; you can redistribute it and/or
@@ -45,7 +45,7 @@ _IO_getdelim (lineptr, n, delimiter, fp)
int delimiter;
_IO_FILE *fp;
{
- int result;
+ _IO_ssize_t result;
_IO_ssize_t cur_len = 0;
_IO_ssize_t len;
@@ -91,6 +91,12 @@ _IO_getdelim (lineptr, n, delimiter, fp)
t = (char *) memchr ((void *) fp->_IO_read_ptr, delimiter, len);
if (t != NULL)
len = (t - fp->_IO_read_ptr) + 1;
+ if (__builtin_expect (cur_len + len + 1 < 0, 0))
+ {
+ __set_errno (EOVERFLOW);
+ result = -1;
+ goto unlock_return;
+ }
/* Make enough space for len+1 (for final NUL) bytes. */
needed = cur_len + len + 1;
if (needed > *n)