summaryrefslogtreecommitdiff
path: root/arch/i386/bits/io.h
diff options
context:
space:
mode:
authorRich Felker <dalias@aerifal.cx>2017-01-02 19:47:12 -0500
committerRich Felker <dalias@aerifal.cx>2017-01-02 19:47:12 -0500
commit769f53598e781ffc89191520f3f8a93cb58db91f (patch)
tree47c26bac9a6a34937f8afe15bbed32140c3bed6f /arch/i386/bits/io.h
parent61fb81e3959ecf0848eef8d2767bb80ae5d1a68e (diff)
downloadmusl-769f53598e781ffc89191520f3f8a93cb58db91f.tar.gz
musl-769f53598e781ffc89191520f3f8a93cb58db91f.tar.bz2
musl-769f53598e781ffc89191520f3f8a93cb58db91f.tar.xz
musl-769f53598e781ffc89191520f3f8a93cb58db91f.zip
make globfree safe after failed glob from over-length argument
commit 0dc99ac413d8bc054a2e95578475c7122455eee8 added input length checking to avoid unsafe VLA allocation, but put it in the wrong place, before the glob_t structure was zeroed out. while POSIX isn't clear on whether it's permitted to call globfree after glob failed with GLOB_NOSPACE, making it safe is clearly better than letting uninitialized pointers get passed to free in non-conforming callers. while we're fixing this, change strlen check to the idiomatic strnlen version to avoid unbounded input scanning before returning an error.
Diffstat (limited to 'arch/i386/bits/io.h')
0 files changed, 0 insertions, 0 deletions