From 9ce3b2cbd245abedc6cff147a1b91566e340edb1 Mon Sep 17 00:00:00 2001 From: Andreas Jaeger Date: Mon, 29 Apr 2013 21:02:16 +0200 Subject: [PATCH] BZ#15380: Fix initstate error return [BZ #15380] * stdlib/random.c (__initstate): Return NULL if __initstate fails. --- ChangeLog | 4 ++++ NEWS | 2 +- stdlib/random.c | 5 +++-- 3 files changed, 8 insertions(+), 3 deletions(-) diff --git a/ChangeLog b/ChangeLog index bf4500a31f..ad58947f46 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,9 @@ 2013-04-29 Andreas Jaeger + [BZ #15380] + * stdlib/random.c (__initstate): Return NULL if + __initstate fails. + [BZ# 15086] * resolv/res_debug.c (p_option): Handle RES_NOALIASES, RES_KEEPTSIG, RES_BLAST, RES_NOIP6DOTINT, RES_SNGLKUP, diff --git a/NEWS b/NEWS index 0a8e622df5..e0d3d746ef 100644 --- a/NEWS +++ b/NEWS @@ -15,7 +15,7 @@ Version 2.18 15006, 15007, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15086, 15160, 15214, 15221, 15232, 15234, 15283, 15285, 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, 15342, 15346, 15361, - 15366, 15394, 15405, 15406, 15409. + 15366, 15380, 15394, 15405, 15406, 15409. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/stdlib/random.c b/stdlib/random.c index 3ed610dd9c..967dec3539 100644 --- a/stdlib/random.c +++ b/stdlib/random.c @@ -234,16 +234,17 @@ __initstate (seed, arg_state, n) size_t n; { int32_t *ostate; + int ret; __libc_lock_lock (lock); ostate = &unsafe_state.state[-1]; - __initstate_r (seed, arg_state, n, &unsafe_state); + ret = __initstate_r (seed, arg_state, n, &unsafe_state); __libc_lock_unlock (lock); - return (char *) ostate; + return ret == -1 ? NULL : (char *) ostate; } weak_alias (__initstate, initstate) -- 2.43.5