This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/2459] Use of uninitialised variable in fnmatch when matching long strings
- From: "jakub at redhat dot com" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sources dot redhat dot com
- Date: 14 Mar 2006 15:23:35 -0000
- Subject: [Bug libc/2459] Use of uninitialised variable in fnmatch when matching long strings
- References: <20060314145801.2459.richard@ex-parrot.com>
- Reply-to: sourceware-bugzilla at sourceware dot org
------- Additional Comments From jakub at redhat dot com 2006-03-14 15:23 -------
glibc-2_3-branch has:
#ifdef _LIBC
  n = strnlen (string, 1024);
#else
  n = strlen (string);
#endif
  p = string;
  if (__builtin_expect (n < 1024, 1))
    {
      wstring = (wchar_t *) alloca ((n + 1) * sizeof (wchar_t));
      n = mbsrtowcs (wstring, &p, n + 1, &ps);
      if (__builtin_expect (n == (size_t) -1, 0))
        /* Something wrong.
           XXX Do we have to set `errno' to something which mbsrtows hasn't
           already done?  */
        return -1;
      if (p)
        memset (&ps, '\0', sizeof (ps));
    }
  if (__builtin_expect (p != NULL, 0))
    {
      n = mbsrtowcs (NULL, &string, 0, &ps);
      if (__builtin_expect (n == (size_t) -1, 0))
        /* Something wrong.
           XXX Do we have to set `errno' to something which mbsrtows hasn't
           already done?  */
        return -1;
      wstring = (wchar_t *) alloca ((n + 1) * sizeof (wchar_t));
      assert (mbsinit (&ps));
      (void) mbsrtowcs (wstring, &string, n + 1, &ps);
    }
  return internal_fnwmatch (wpattern, wstring, wstring + n,
                            flags & FNM_PERIOD, flags);
No try_singlebyte label and I don't see how wstring can end up being
uninitialized (well, GCC will warn, but that's a GCC deficiency).
--
http://sourceware.org/bugzilla/show_bug.cgi?id=2459
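
The two conversion paths in the excerpt above, as an added example that is not part of the original message or of glibc: a hypothetical `to_wide` helper follows the same control flow, with `malloc` in place of `alloca` and a `path_out` parameter (also an assumption) that records which branch assigned `wstring`.

```c
#define _POSIX_C_SOURCE 200809L  /* for strnlen */
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper, not a glibc function.  Returns a malloc'd wide copy
   of STRING (the excerpt uses alloca), or NULL on failure.  *PATH_OUT is
   set to 1 for the bounded fast path and 2 for the fallback.  */
wchar_t *
to_wide (const char *string, size_t *n_out, int *path_out)
{
  mbstate_t ps;
  wchar_t *wstring = NULL;
  const char *p = string;
  size_t n = strnlen (string, 1024);

  memset (&ps, '\0', sizeof (ps));
  if (n < 1024)
    {
      /* Fast path: at most 1023 bytes, so the buffer size is bounded.  */
      wstring = malloc ((n + 1) * sizeof (wchar_t));
      if (wstring == NULL)
        return NULL;
      n = mbsrtowcs (wstring, &p, n + 1, &ps);
      if (n == (size_t) -1)
        { free (wstring); return NULL; }
      *path_out = 1;
      if (p)
        memset (&ps, '\0', sizeof (ps));
    }
  if (p != NULL)
    {
      /* Fallback: taken when the fast path was skipped (p still equals
         string) or left input unconsumed.  Measure first, then convert.  */
      free (wstring);
      n = mbsrtowcs (NULL, &string, 0, &ps);
      if (n == (size_t) -1)
        return NULL;
      wstring = malloc ((n + 1) * sizeof (wchar_t));
      if (wstring == NULL)
        return NULL;
      (void) mbsrtowcs (wstring, &string, n + 1, &ps);
      *path_out = 2;
    }
  *n_out = n;
  return wstring;
}
```

Every input length reaches one of the two assignments to `wstring` before it is returned: strings of up to 1023 bytes take the first branch, and anything longer leaves `p` non-NULL and takes the second.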