This is the mail archive of the
glibc-bugs@sourceware.org
mailing list for the glibc project.
[Bug libc/22786] Stack buffer overflow in realpath() if input size is close to SSIZE_MAX
- From: "cvs-commit at gcc dot gnu.org" <sourceware-bugzilla at sourceware dot org>
- To: glibc-bugs at sourceware dot org
- Date: Thu, 17 May 2018 12:43:57 +0000
- Subject: [Bug libc/22786] Stack buffer overflow in realpath() if input size is close to SSIZE_MAX
- Auto-submitted: auto-generated
- References: <bug-22786-131@http.sourceware.org/bugzilla/>
https://sourceware.org/bugzilla/show_bug.cgi?id=22786
--- Comment #4 from cvs-commit at gcc dot gnu.org <cvs-commit at gcc dot gnu.org> ---
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".
The branch, release/2.26/master has been updated
via af7519f7b35024224c163e32a89fb247b0c446fc (commit)
from 365722ace6c9bad3167804fa8f12884eafae6d8f (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=af7519f7b35024224c163e32a89fb247b0c446fc
commit af7519f7b35024224c163e32a89fb247b0c446fc
Author: Paul Pluzhnikov <ppluzhnikov@google.com>
Date: Tue May 8 18:12:41 2018 -0700
Fix path length overflow in realpath [BZ #22786]
Integer addition overflow may cause stack buffer overflow
when realpath() input length is close to SSIZE_MAX.
2018-05-09 Paul Pluzhnikov <ppluzhnikov@google.com>
[BZ #22786]
* stdlib/canonicalize.c (__realpath): Fix overflow in path length
computation.
* stdlib/Makefile (test-bz22786): New test.
* stdlib/test-bz22786.c: New test.
(cherry picked from commit 5460617d1567657621107d895ee2dd83bc1f88f2)
-----------------------------------------------------------------------
Summary of changes:
ChangeLog | 8 ++++
NEWS | 1 +
stdlib/Makefile | 2 +-
stdlib/canonicalize.c | 2 +-
stdlib/test-bz22786.c | 90 +++++++++++++++++++++++++++++++++++++++++++++++++
5 files changed, 101 insertions(+), 2 deletions(-)
create mode 100644 stdlib/test-bz22786.c
--
You are receiving this mail because:
You are on the CC list for the bug.