This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [patch] Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern
- From: Florian Weimer <fweimer at redhat dot com>
- To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>, GLIBC Devel <libc-alpha at sourceware dot org>
- Date: Mon, 02 Mar 2015 14:18:10 +0100
- Subject: Re: [patch] Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern
- References: <CALoOobOKfc9XKEQMbv9uwXTEaer-t=d1FwfOMv61YAOBUBV3_A at mail dot gmail dot com>
On 02/28/2015 06:25 AM, Paul Pluzhnikov wrote:
> else if ((*p == L('?') || *p == L('*') || *p == L('+') || *p == L('@')
> || *p == L('!')) && p[1] == L('('))
> - p = END (p + 1);
> + {
> + p = END (p + 1);
> + if (*p == L('\0'))
> + /* This is an invalid pattern. */
> + return pattern;
> + }
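Review bot: the comment on the new `if (*p == L('\0'))` check says only "This is an invalid pattern." and does not say why the early return is needed. It would be clearer to state that END stopped at the terminating NUL because the `(` group opened after `?`, `*`, `+`, `@` or `!` was never closed, and that p must not be advanced any further from there. Since the branch covers five prefix characters, the test case should include an unterminated group for each of them, so that the read past the end of the buffer named in the subject is exercised on every path into this check.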
Okay to commit if you have checked that the test case actually tests the
bug. Thanks.
--
Florian Weimer / Red Hat Product Security