This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
[PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
- From: Ondřej Bílka <neleai at seznam dot cz>
- To: jsm28 at gcc dot gnu dot org
- Cc: libc-alpha at sourceware dot org
- Date: Mon, 14 Oct 2013 14:57:51 +0200
- Subject: [PATCH][BZ #15672] Fix error_tail overflow in allocation calculation.
- Authentication-results: sourceware.org; auth=none
Hi,
In this bug, checking for overflow was wrong as we do not allocate len but
len * sizeof (wchar_t) bytes.
OK to commit?
[BZ #15672]
* misc/error.c (error_tail): Fix possible buffer overflow.
diff --git a/misc/error.c b/misc/error.c
index c8e62cf..408a1ab 100644
--- a/misc/error.c
+++ b/misc/error.c
@@ -165,7 +165,7 @@ error_tail (int status, int errnum, const char *message, va_list args)
if (res != len)
break;
- if (__builtin_expect (len >= SIZE_MAX / 2, 0))
+ if (__builtin_expect (len * sizeof (wchar_t) >= SIZE_MAX / 2, 0))
{
/* This really should not happen if everything is fine. */
res = (size_t) -1;
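Review bot: the product in the new condition, `len * sizeof (wchar_t) >= SIZE_MAX / 2`, is computed in unsigned arithmetic and can itself wrap for a large len, so a value at or above SIZE_MAX / sizeof (wchar_t) can yield a small product and slip past the check it is meant to trip. Bounding len by division avoids the wrap: `len >= SIZE_MAX / sizeof (wchar_t) / 2`. It would also help to update the comment or add a short one saying that the bound is on the byte count passed to the allocator, not on the element count, since that distinction is the whole bug.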