This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.



Re: [PATCH] getmntent: fix memory corruption w/blank lines [BZ #18887]


On Fri, Aug 28, 2015 at 05:22:41PM -0400, Mike Frysinger wrote:
> The fix for BZ #17273 introduced a single byte of memory corruption
> when the line is entirely blank.  It would walk back past the start of the
> buffer if the heap happened to be 0x20 or 0x09 and then write a NUL byte.
> 	buffer = '\n';
> 	end_ptr = buffer;
> 	while (end_ptr[-1] == ' ' || end_ptr[-1] == '\t')
> 		end_ptr--;
> 	*end_ptr = '\0';
> 
> Fix that and rework the tests.  Adding the testcase for BZ #17273 does
> not really make sense as it's unrelated, and leads to confusing behavior:
> it implicitly relies on the new entry being written to the start of the
> file being longer than the previous entry since there is no truncation.
> Instead split it out into its own dedicated testcase.
>
looks ok. 
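
A bounded form of the trimming loop quoted above, as an added example that is not part of the original message and is not glibc's own code. The names chop_line, struct guarded and guard_after_chop and the sample lines are constructed for illustration; the guard byte stands in for the heap byte that happens to precede the buffer.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: chop the newline and any trailing blanks from a
   line without ever reading before buf[0].  Returns the new length, or
   -1 if the line has no newline.  */
static long chop_line(char *buf)
{
    char *end = strchr(buf, '\n');
    if (end == NULL)
        return -1;
    /* The bound is tested before end[-1] is read, so a line made up
       only of blanks stops at buf instead of walking into the heap.  */
    while (end != buf && (end[-1] == ' ' || end[-1] == '\t'))
        end--;
    *end = '\0';
    return (long)(end - buf);
}

/* Constructed harness: a tab (0x09) sits directly before the line
   buffer, the condition under which the unbounded loop would step
   backwards and overwrite it with NUL.  */
struct guarded {
    char guard;
    char line[32];
};

/* Copies input into the guarded buffer, chops it, and returns the
   guard byte as it is afterwards.  */
static int guard_after_chop(const char *input, long *len_out)
{
    struct guarded g;
    g.guard = '\t';
    strncpy(g.line, input, sizeof g.line - 1);
    g.line[sizeof g.line - 1] = '\0';
    *len_out = chop_line(g.line);
    return g.guard;
}

int main(void)
{
    /* Constructed sample lines: blank, blanks only, a normal entry.  */
    const char *samples[] = { "\n", " \t \n", "/dev/sda1 / ext4 rw 0 0 \t\n" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        long len;
        int guard = guard_after_chop(samples[i], &len);
        printf("sample %zu: len=%ld guard=0x%02x\n", i, len, guard);
    }
    return 0;
}
```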

