This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [patch] Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern

From: Florian Weimer <fweimer at redhat dot com>
To: Paul Pluzhnikov <ppluzhnikov at gmail dot com>, GLIBC Devel <libc-alpha at sourceware dot org>
Date: Mon, 02 Mar 2015 14:18:10 +0100
Subject: Re: [patch] Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern
Authentication-results: sourceware.org; auth=none
References: <CALoOobOKfc9XKEQMbv9uwXTEaer-t=d1FwfOMv61YAOBUBV3_A at mail dot gmail dot com>

On 02/28/2015 06:25 AM, Paul Pluzhnikov wrote:
>      else if ((*p == L('?') || *p == L('*') || *p == L('+') || *p == L('@')
>  	      || *p == L('!')) && p[1] == L('('))
> -      p = END (p + 1);
> +      {
> +	p = END (p + 1);
> +	if (*p == L('\0'))
> +	  /* This is an invalid pattern.  */
> +	  return pattern;
> +      }

Okay to commit if you have checked that the test case actually tests the
bug.  Thanks.

-- 
Florian Weimer / Red Hat Product Security

Follow-Ups:
- Re: [patch] Fix BZ 18036 buffer overflow (read past end of buffer) in internal_fnmatch=>end_pattern
  - From: Paul Pluzhnikov

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]