This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
[PATH] Fix buffer overrun in stdlib/strtod_l.c
- From: Liubov Dmitrieva <liubov dot dmitrieva at gmail dot com>
- To: GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 18 Sep 2013 15:40:41 +0400
- Subject: [PATH] Fix buffer overrun in stdlib/strtod_l.c
- Authentication-results: sourceware.org; auth=none
Here is obvious buffer overrun in num[-1] access was detected thanks
to Intel MPX technology (new memory bound checker I am testing now).
http://software.intel.com/en-us/blogs/2013/07/22/intel-memory-protection-extensions-intel-mpx-support-in-the-gnu-toolchain
Wrong order in the logical expression.
diff --git a/stdlib/strtod_l.c b/stdlib/strtod_l.c
index 8f60653..90541cd 100644
--- a/stdlib/strtod_l.c
+++ b/stdlib/strtod_l.c
@@ -1752,7 +1752,7 @@ ____STRTOF_INTERNAL (nptr, endptr, group, loc)
got_limb;
}
- for (i = densize; num[i] == 0 && i >= 0; --i)
+ for (i = densize; i >= 0 && num[i] == 0; --i)
;
return round_and_return (retval, exponent - 1, negative,
quot, BITS_PER_MP_LIMB - 1 - used,
ChangeLog:
2013-09-18 Liubov Dmitrieva <liubov.dmitrieva@gmail.com>
* stdlib/strtod_l.c: Fix buffer overrun.
Ok to commit?
--
Liubov
Intel Corporation