This is the mail archive of the libc-hacker@sources.redhat.com mailing list for the glibc project.
Note that libc-hacker is a closed list. You may look at the archives of this list, but subscription and posting are not open.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
Hi! The code later does: cp = __mempcpy ((char *) (result + *sz), temp[0].str, temp[0].len); *cp = '/'; and so the final '/' is past the end of the malloced buffer. 2003-03-11 Jakub Jelinek <jakub at redhat dot com> * sysdeps/generic/dl-sysdep.c (_dl_important_hwcaps): If cnt == 1, allocate space even for the trailing '/'. Reported by John Reiser <jreiser at BitWagon dot com>. --- libc/sysdeps/generic/dl-sysdep.c.jj 2003-03-06 12:26:22.000000000 -0500 +++ libc/sysdeps/generic/dl-sysdep.c 2003-03-11 02:34:48.000000000 -0500 @@ -338,7 +338,7 @@ _dl_important_hwcaps (const char *platfo /* Determine the total size of all strings together. */ if (cnt == 1) - total = temp[0].len; + total = temp[0].len + 1; else { total = (1UL << (cnt - 2)) * (temp[0].len + temp[cnt - 1].len + 2); Jakub
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |