This is the mail archive of the
glibc-cvs@sourceware.org
mailing list for the glibc project.
GNU C Library master sources branch master updated. glibc-2.16-ports-merge-276-g60160d8
- From: jsm28 at sourceware dot org
- To: glibc-cvs at sourceware dot org
- Date: 4 Sep 2012 11:24:57 -0000
- Subject: GNU C Library master sources branch master updated. glibc-2.16-ports-merge-276-g60160d8
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, master has been updated
via 60160d83a09c659d8d9338b210ff92be77cc87d5 (commit)
from bcd6c8dc64e8fdd6906018ca5e8913e2f111a023 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
http://sources.redhat.com/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=60160d83a09c659d8d9338b210ff92be77cc87d5
commit 60160d83a09c659d8d9338b210ff92be77cc87d5
Author: Joseph Myers <joseph@codesourcery.com>
Date: Tue Sep 4 11:24:43 2012 +0000
Fix iogetdelim.c (latent) integer overflow (bug 9914).
diff --git a/ChangeLog b/ChangeLog
index 89e60c0..9a041eb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2012-09-04 Joseph Myers <joseph@codesourcery.com>
+
+ [BZ #9914]
+ * libio/iogetdelim.c: Include <limits.h>.
+ (_IO_getdelim): Avoid integer overflow in testing whether cur_len
+ + len + 1 would overflow.
+
2012-09-03 Andreas Jaeger <aj@suse.de>
* sysdeps/x86_64/fpu/libm-test-ulps: Update.
diff --git a/NEWS b/NEWS
index e0dcdf4..9a58c6d 100644
--- a/NEWS
+++ b/NEWS
@@ -9,10 +9,10 @@ Version 2.17
* The following bugs are resolved with this release:
- 3479, 5400, 6778, 6808, 9685, 11607, 13412, 13717, 13696, 13939, 14042,
- 14090, 14166, 14150, 14151, 14154, 14157, 14166, 14173, 14195, 14252,
- 14283, 14298, 14303, 14307, 14328, 14331, 14336, 14337, 14347, 14349,
- 14459, 14476, 14505, 14516, 14519, 14532, 14538
+ 3479, 5400, 6778, 6808, 9685, 9914, 11607, 13412, 13717, 13696, 13939,
+ 14042, 14090, 14166, 14150, 14151, 14154, 14157, 14166, 14173, 14195,
+ 14252, 14283, 14298, 14303, 14307, 14328, 14331, 14336, 14337, 14347,
+ 14349, 14459, 14476, 14505, 14516, 14519, 14532, 14538
* Support for STT_GNU_IFUNC symbols added for s390 and s390x.
Optimized versions of memcpy, memset, and memcmp added for System z10 and
diff --git a/libio/iogetdelim.c b/libio/iogetdelim.c
index 405b65f..bf4b0f7 100644
--- a/libio/iogetdelim.c
+++ b/libio/iogetdelim.c
@@ -29,6 +29,7 @@
#include "libioP.h"
#include <string.h>
#include <errno.h>
+#include <limits.h>
/* Read up to (and including) a TERMINATOR from FP into *LINEPTR
(and null-terminate it). *LINEPTR is a pointer returned from malloc (or
@@ -89,7 +90,7 @@ _IO_getdelim (lineptr, n, delimiter, fp)
t = (char *) memchr ((void *) fp->_IO_read_ptr, delimiter, len);
if (t != NULL)
len = (t - fp->_IO_read_ptr) + 1;
- if (__builtin_expect (cur_len + len + 1 < 0, 0))
+ if (__builtin_expect (len >= SSIZE_MAX - cur_len, 0))
{
__set_errno (EOVERFLOW);
result = -1;
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 7 +++++++
NEWS | 8 ++++----
libio/iogetdelim.c | 3 ++-
3 files changed, 13 insertions(+), 5 deletions(-)
hooks/post-receive
--
GNU C Library master sources