[glibc] io: Fix use-after-free in ftw [BZ #26779]

Martin Sebor msebor@sourceware.org
Wed Jan 26 02:58:25 GMT 2022


https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=ee52ab25ba875f458981fce22c54e3c04c7a17d3

commit ee52ab25ba875f458981fce22c54e3c04c7a17d3
Author: Martin Sebor <msebor@redhat.com>
Date:   Tue Jan 25 17:39:02 2022 -0700

    io: Fix use-after-free in ftw [BZ #26779]
    
    Reviewed-by: Carlos O'Donell <carlos@redhat.com>

Diff:
---
 io/ftw.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/io/ftw.c b/io/ftw.c
index 2742541f36..94bd5a93e4 100644
--- a/io/ftw.c
+++ b/io/ftw.c
@@ -323,8 +323,9 @@ open_dir_stream (int *dfdp, struct ftw_data *data, struct dir_data *dirp)
 	  buf[actsize++] = '\0';
 
 	  /* Shrink the buffer to what we actually need.  */
-	  data->dirstreams[data->actdir]->content = realloc (buf, actsize);
-	  if (data->dirstreams[data->actdir]->content == NULL)
+	  void *content = realloc (buf, actsize);
+	  data->dirstreams[data->actdir]->content = content;
+	  if (content == NULL)
 	    {
 	      int save_err = errno;
 	      free (buf);


More information about the Glibc-cvs mailing list