diff options
author | Rich Felker <dalias@aerifal.cx> | 2016-03-28 23:41:17 -0400 |
---|---|---|
committer | Rich Felker <dalias@aerifal.cx> | 2016-03-28 23:41:17 -0400 |
commit | 6d1a3dfeaf2caac4033a3c65822fb4e7e14866c7 (patch) | |
tree | 4fe0c1142109ff962183ab7c7ab645c99d5db765 /src/stdio | |
parent | 5978eb703ce0e64dd778a88c1ffffb76fe5e2202 (diff) | |
download | musl-6d1a3dfeaf2caac4033a3c65822fb4e7e14866c7.tar.gz musl-6d1a3dfeaf2caac4033a3c65822fb4e7e14866c7.tar.bz2 musl-6d1a3dfeaf2caac4033a3c65822fb4e7e14866c7.tar.xz musl-6d1a3dfeaf2caac4033a3c65822fb4e7e14866c7.zip |
fix undefined pointer comparison in stdio-internal __toread
the comparison f->wpos > f->buf has undefined behavior when f->wpos is
a null pointer, despite the intuition (and actual compiler behavior,
for all known compilers) being that NULL > ptr is false for all valid
pointers ptr.
the purpose of the comparison is to determine if the write buffer is
non-empty, and the idiom used elsewhere for that is comparison against
f->wbase, which is either a null pointer when not writing, or equal to
f->buf when writing. in the former case, both f->wpos and f->wbase are
null; in the latter they are both non-null and point into the same
array.
Diffstat (limited to 'src/stdio')
-rw-r--r-- | src/stdio/__toread.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/stdio/__toread.c b/src/stdio/__toread.c index b08f5bb4..35f67b8f 100644 --- a/src/stdio/__toread.c +++ b/src/stdio/__toread.c @@ -3,7 +3,7 @@ int __toread(FILE *f) { f->mode |= f->mode-1; - if (f->wpos > f->buf) f->write(f, 0, 0); + if (f->wpos > f->wbase) f->write(f, 0, 0); f->wpos = f->wbase = f->wend = 0; if (f->flags & F_NORD) { f->flags |= F_ERR; |