This is the mail archive of the glibc-cvs@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

GNU C Library master sources branch master updated. glibc-2.27.9000-630-g9c79cec

From: schwab at sourceware dot org
To: glibc-cvs at sourceware dot org
Date: 25 Jul 2018 08:50:21 -0000
Subject: GNU C Library master sources branch master updated. glibc-2.27.9000-630-g9c79cec

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "GNU C Library master sources".

The branch, master has been updated
       via  9c79cec8cd2a6996a73aa83d79b360ffd4bebde6 (commit)
      from  969c3355069215f1c1cad800a822d0b303fdc1fa (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
http://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commitdiff;h=9c79cec8cd2a6996a73aa83d79b360ffd4bebde6

commit 9c79cec8cd2a6996a73aa83d79b360ffd4bebde6
Author: Andreas Schwab <schwab@suse.de>
Date:   Tue Jul 24 18:02:28 2018 +0200

    Fix out of bounds access in findidxwc (bug 23442)
    
    If usrc is a prefix of cp but one character shorter an out of bounds
    access to usrc was done.

diff --git a/ChangeLog b/ChangeLog
index 6c22a2f..1163250 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2018-07-25  Andreas Schwab  <schwab@suse.de>
+
+	[BZ #23442]
+	* locale/weightwc.h (findidx): Handle the case where usrc is a
+	prefix of cp but one character too short.
+
 2018-07-24  Adhemerval Zanella  <adhemerval.zanella@linaro.org>
 
 	* NEWS: Add ISO C threads addition.
diff --git a/locale/weightwc.h b/locale/weightwc.h
index 36c65b5..7ee335d 100644
--- a/locale/weightwc.h
+++ b/locale/weightwc.h
@@ -109,7 +109,7 @@ findidx (const int32_t *table,
 	      break;
 	  DIAG_POP_NEEDS_COMMENT;
 
-	  if (cnt < nhere - 1)
+	  if (cnt < nhere - 1 || cnt == len)
 	    {
 	      cp += 2 * nhere;
 	      continue;
@@ -121,14 +121,14 @@ findidx (const int32_t *table,
 	     same reason as described above.  */
 	  DIAG_PUSH_NEEDS_COMMENT;
 	  DIAG_IGNORE_Os_NEEDS_COMMENT (7, "-Wmaybe-uninitialized");
-	  if (cp[nhere - 1] > usrc[nhere -1])
+	  if (cp[nhere - 1] > usrc[nhere - 1])
 	    {
 	      cp += 2 * nhere;
 	      continue;
 	    }
 	  DIAG_POP_NEEDS_COMMENT;
 
-	  if (cp[2 * nhere - 1] < usrc[nhere -1])
+	  if (cp[2 * nhere - 1] < usrc[nhere - 1])
 	    {
 	      cp += 2 * nhere;
 	      continue;

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog         |    6 ++++++
 locale/weightwc.h |    6 +++---
 2 files changed, 9 insertions(+), 3 deletions(-)


hooks/post-receive
-- 
GNU C Library master sources

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]