changeset 38899:2ac78e7051fd
glob: pacify fuzzer for mempcpy
Problem reported by Tim Rühsen in:
https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
* lib/glob.c (glob): Do not pass NULL to mempcpy.
author | Paul Eggert <eggert@cs.ucla.edu> |
---|---|
date | Wed, 18 Oct 2017 10:19:35 -0700 |
parents | 4a24c76a18bf |
children | 63c578da3f18 |
files | ChangeLog lib/glob.c |
diffstat | 2 files changed, 12 insertions(+), 2 deletions(-) |
--- a/ChangeLog Tue Oct 17 07:12:14 2017 -0700 +++ b/ChangeLog Wed Oct 18 10:19:35 2017 -0700 @@ -1,3 +1,10 @@ +2017-10-18 Paul Eggert <eggert@cs.ucla.edu> + + glob: pacify fuzzer for mempcpy + Problem reported by Tim Rühsen in: + https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html + * lib/glob.c (glob): Do not pass NULL to mempcpy. + 2017-10-12 Bruno Haible <bruno@clisp.org> doc: Fix syntax error (regression from 2017-10-03).
--- a/lib/glob.c Tue Oct 17 07:12:14 2017 -0700 +++ b/lib/glob.c Wed Oct 18 10:19:35 2017 -0700 @@ -800,6 +800,7 @@ { size_t home_len = strlen (p->pw_dir); size_t rest_len = end_name == NULL ? 0 : strlen (end_name); + char *d; if (__glibc_unlikely (malloc_dirname)) free (dirname); @@ -819,8 +820,10 @@ } malloc_dirname = 1; } - *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len), - end_name, rest_len)) = '\0'; + d = mempcpy (dirname, p->pw_dir, home_len); + if (end_name != NULL) + d = mempcpy (d, end_name, rest_len); + *d = '\0'; dirlen = home_len + rest_len; dirname_modified = 1;
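Review bot: The new `if (end_name != NULL)` test in the `@@ -819,8 +820,10 @@` hunk of lib/glob.c carries no comment explaining why it exists, and because `rest_len` is already 0 whenever `end_name` is NULL (see `size_t rest_len = end_name == NULL ? 0 : strlen (end_name);` in the `@@ -800,6 +800,7 @@` hunk), a later reader could take the test for redundant and fold the two calls back into one expression. A one-line comment above the `if` would prevent that; it should say that a null pointer must not be passed to mempcpy even with a zero length, since that is undefined behaviour in C and is presumably what the fuzzer named in the commit message reported. The ChangeLog entry says "Do not pass NULL to mempcpy" but does not mention that the length is zero in that case, which is the detail that makes the guard look unnecessary at first glance.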