This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug stdio/15362] fwrite() may read beyond end of specified buffer


https://sourceware.org/bugzilla/show_bug.cgi?id=15362

Siddhesh Poyarekar <siddhesh at redhat dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Siddhesh Poyarekar <siddhesh at redhat dot com> ---
Fixed in master:

commit 3d110c7c6e6549bd4124fce49cdc672f9e449799
Author: Eric Biggers <ebiggers3@gmail.com>
Date:   Fri Oct 11 22:29:38 2013 +0530

    Fix fwrite() reading beyond end of buffer in error path

    Partially revert commits 2b766585f9b4ffabeef2f36200c275976b93f2c7 and
    de2fd463b1c0310d75084b6d774fb974075a4ad9, which were intended to fix
BZ#11741
    but caused another, likely worse bug, namely that fwrite() and fputs()
could,
    in an error path, read data beyond the end of the specified buffer, and
    potentially even write this data to the file.

    Fix BZ#11741 properly by checking the return value from _IO_padn() in
    stdio-common/vfprintf.c.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]