summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAdhemerval Zanella <adhemerval.zanella@linaro.org>2017-12-19 14:27:09 -0200
committerAdhemerval Zanella <adhemerval.zanella@linaro.org>2017-12-19 15:52:12 -0200
commitd711a00f93fa964f41a53839228598fbf1a6b482 (patch)
treee3134a0dd41c5a72036c8534a79cd3f0dd132a78
parent6f58c10dedc6f3be2b537e15219c4dfe49163d8e (diff)
downloadglibc-d711a00f93fa964f41a53839228598fbf1a6b482.tar.gz
glob: pacify fuzzer for mempcpy
Problem reported by Tim Rühsen [1]. Sync with gnulib 0e14f025d2. [1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html Checked on x86_64-linux-gnu. * lib/glob.c (glob): Do not pass NULL to mempcpy. Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
-rw-r--r--ChangeLog4
-rw-r--r--posix/glob.c7
2 files changed, 9 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index ae5cc39f65..af450546eb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,7 @@
+2017-12-19 Adhemerval Zanella <adhemerval.zanella@linaro.org>
+
+ * lib/glob.c (glob): Do not pass NULL to mempcpy.
+
2017-12-19 Joseph Myers <joseph@codesourcery.com>
* sysdeps/x86_64/fpu/libm-test-ulps: Update.
diff --git a/posix/glob.c b/posix/glob.c
index cb39779d07..511ec4bbc0 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+ char *d;
if (__glibc_unlikely (malloc_dirname))
free (dirname);
@@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
}
malloc_dirname = 1;
}
- *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
- end_name, rest_len)) = '\0';
+ d = mempcpy (dirname, p->pw_dir, home_len);
+ if (end_name != NULL)
+ d = mempcpy (d, end_name, rest_len);
+ *d = '\0';
dirlen = home_len + rest_len;
dirname_modified = 1;