diff options
| author | George Matsumura <gm960420@ohio.edu> | 2022-02-19 21:47:38 -0500 |
|---|---|---|
| committer | A. Wilcox <awilcox@wilcox-tech.com> | 2022-10-06 03:24:14 +0000 |
| commit | 244110e63612999d2dfe649581fce8a359c470a9 (patch) | |
| tree | aed29e0aa00befa9b94601637c7277263a2c0063 /libgcompat/misc.c | |
| parent | c6921a1aa454bb87671f9bd1ecfe47d80d1620aa (diff) | |
| download | gcompat-244110e63612999d2dfe649581fce8a359c470a9.tar.gz gcompat-244110e63612999d2dfe649581fce8a359c470a9.tar.bz2 gcompat-244110e63612999d2dfe649581fce8a359c470a9.tar.xz gcompat-244110e63612999d2dfe649581fce8a359c470a9.zip | |
random_r: fix null dereference when passed uninitialized buf
Previously, initstate_r would attempt to pack the n, i, and j
values into the state array pointed to by the x member value of
buf, which would cause access to an invalid region of memory when
buf was uninitialized. However, packing the values into the state
array was required when buf was initialized, as otherwise the
values of n, i, and j would not be saved. Critically, initstate_r
had no means by which to distinguish between an uninitialized and
initialized buf struct.
This change makes the random_r and srandom_r do the packing and
unpacking of the n, i, and j values instead. This does lead to a
somewhat more inefficient algorithm, but preserves compatibility
in case setstate_r is passed a state array that was initialized
with the normal initstate function.
Signed-off-by: George Matsumura <gm960420@ohio.edu>
Diffstat (limited to 'libgcompat/misc.c')
0 files changed, 0 insertions, 0 deletions