This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[COMMITTED] glob: pacify fuzzer for mempcpy
- From: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- To: libc-alpha at sourceware dot org
- Date: Tue, 19 Dec 2017 16:03:58 -0200
- Subject: [COMMITTED] glob: pacify fuzzer for mempcpy
- Authentication-results: sourceware.org; auth=none
Problem reported by Tim Rühsen [1]. Sync with gnulib 0e14f025d2.
[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
Checked on x86_64-linux-gnu.
* lib/glob.c (glob): Do not pass NULL to mempcpy.
Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
---
ChangeLog | 4 ++++
posix/glob.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/posix/glob.c b/posix/glob.c
index cb39779..511ec4b 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+ char *d;
if (__glibc_unlikely (malloc_dirname))
free (dirname);
@@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
}
malloc_dirname = 1;
}
- *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
- end_name, rest_len)) = '\0';
+ d = mempcpy (dirname, p->pw_dir, home_len);
+ if (end_name != NULL)
+ d = mempcpy (d, end_name, rest_len);
+ *d = '\0';
dirlen = home_len + rest_len;
dirname_modified = 1;
--
2.7.4