Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:13.2:Update
glibc
io-wstr-overflow-integer-overflow.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File io-wstr-overflow-integer-overflow.patch of Package glibc
2015-02-22 Paul Pluzhnikov <ppluzhnikov@google.com> [BZ #17269] * libio/wstrops.c (_IO_wstr_overflow): Guard against integer overflow (enlarge_userbuf): Likewise. Index: glibc-2.19/libio/wstrops.c =================================================================== --- glibc-2.19.orig/libio/wstrops.c +++ glibc-2.19/libio/wstrops.c @@ -95,8 +95,11 @@ _IO_wstr_overflow (fp, c) wchar_t *old_buf = fp->_wide_data->_IO_buf_base; size_t old_wblen = _IO_wblen (fp); _IO_size_t new_size = 2 * old_wblen + 100; - if (new_size < old_wblen) + + if (__glibc_unlikely (new_size < old_wblen) + || __glibc_unlikely (new_size > SIZE_MAX / sizeof (wchar_t))) return EOF; + new_buf = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (new_size * sizeof (wchar_t)); @@ -186,6 +189,9 @@ enlarge_userbuf (_IO_FILE *fp, _IO_off64 return 1; _IO_size_t newsize = offset + 100; + if (__glibc_unlikely (newsize > SIZE_MAX / sizeof (wchar_t))) + return 1; + wchar_t *oldbuf = wd->_IO_buf_base; wchar_t *newbuf = (wchar_t *) (*((_IO_strfile *) fp)->_s._allocate_buffer) (newsize
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor