From d9db1bc55561a62967494227d84247618d434817 Mon Sep 17 00:00:00 2001
From: Corinna Vinschen <corinna@vinschen.de>
Date: Tue, 22 Feb 2011 15:38:14 +0000
Subject: [PATCH] 	* libc/stdio/fmemopen.c (fmemopen): Fix EINVAL
 condition.  Avoid SEGV 	if incoming buffer is NULL.

---
 newlib/ChangeLog             | 5 +++++
 newlib/libc/stdio/fmemopen.c | 4 ++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/newlib/ChangeLog b/newlib/ChangeLog
index e65008bee..4b48ebf06 100644
--- a/newlib/ChangeLog
+++ b/newlib/ChangeLog
@@ -1,3 +1,8 @@
+2011-02-22  Corinna Vinschen  <vinschen@redhat.com>
+
+	* libc/stdio/fmemopen.c (fmemopen): Fix EINVAL condition.  Avoid SEGV
+	if incoming buffer is NULL.
+
 2011-02-09  Eric Blake  <eblake@redhat.com>
 
 	* libc/include/string.h (strerror_r): Update declaration.
diff --git a/newlib/libc/stdio/fmemopen.c b/newlib/libc/stdio/fmemopen.c
index 4458d2176..5218e8a98 100644
--- a/newlib/libc/stdio/fmemopen.c
+++ b/newlib/libc/stdio/fmemopen.c
@@ -281,7 +281,7 @@ _DEFUN(_fmemopen_r, (ptr, buf, size, mode),
 
   if ((flags = __sflags (ptr, mode, &dummy)) == 0)
     return NULL;
-  if (!size || !(buf || flags & __SAPP))
+  if (!size || !(buf || flags & __SRW))
     {
       ptr->_errno = EINVAL;
       return NULL;
@@ -310,7 +310,7 @@ _DEFUN(_fmemopen_r, (ptr, buf, size, mode),
     {
       /* r+/w+/a+, and no buf: file starts empty.  */
       c->buf = (char *) (c + 1);
-      *(char *) buf = '\0';
+      c->buf[0] = '\0';
       c->pos = c->eof = 0;
       c->append = (flags & __SAPP) != 0;
     }
-- 
2.43.5