This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.

From: OndÅej BÃlka <neleai at seznam dot cz>
To: jsm28 at gcc dot gnu dot org
Cc: libc-alpha at sourceware dot org
Date: Mon, 14 Oct 2013 14:57:51 +0200
Subject: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
Authentication-results: sourceware.org; auth=none

Hi,

In this bug checking for overflow was wrong as we do not allocate len but
len * sizeof (wchar_t) bytes.

OK to commit?

	[BZ #15672]
	* misc/error.c (error_tail): Fix possible buffer overflow.

diff --git a/misc/error.c b/misc/error.c
index c8e62cf..408a1ab 100644
--- a/misc/error.c
+++ b/misc/error.c
@@ -165,7 +165,7 @@ error_tail (int status, int errnum, const char *message, va_list args)
 	  if (res != len)
 	    break;
 
-	  if (__builtin_expect (len >= SIZE_MAX / 2, 0))
+	  if (__builtin_expect (len * sizeof (wchar_t) >= SIZE_MAX / 2, 0))
 	    {
 	      /* This really should not happen if everything is fine.  */
 	      res = (size_t) -1;

Follow-Ups:
- Re: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
  - From: Joseph S. Myers

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]