This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ #18043 (comment #19)

From: Mike Frysinger <vapier at gentoo dot org>
To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>
Cc: GLIBC Devel <libc-alpha at sourceware dot org>
Date: Mon, 9 Mar 2015 22:20:14 -0400
Subject: Re: [patch] Fix BZ #18043 (comment #19)
Authentication-results: sourceware.org; auth=none
References: <CALoOobMPSPO3B3kO8XCGfg7kLHqYCM8h6X_o_D2Pos2yGKn5rw at mail dot gmail dot com>

On 09 Mar 2015 16:13, Paul Pluzhnikov wrote:
> Calling 'setenv(..., NULL, 1)' invokes undefined behavior.
> 
> Unfortunately, wordexp() itself does it, triggering subsequent buffer overflow.
> See http://sourceware.org/bugzilla/show_bug.cgi?id=18043#c19.
> 
> Attached trivial patch stops wordexp from doing that.

lgtm
-mike

Attachment: signature.asc
Description: Digital signature

References:
- [patch] Fix BZ #18043 (comment #19)
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]