changeset 38899:2ac78e7051fd

glob: pacify fuzzer for mempcpy Problem reported by Tim Rühsen in: https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html * lib/glob.c (glob): Do not pass NULL to mempcpy.
author Paul Eggert <eggert@cs.ucla.edu>
date Wed, 18 Oct 2017 10:19:35 -0700
parents 4a24c76a18bf
children 63c578da3f18
files ChangeLog lib/glob.c
diffstat 2 files changed, 12 insertions(+), 2 deletions(-) [+]
--- a/ChangeLog	Tue Oct 17 07:12:14 2017 -0700
+++ b/ChangeLog	Wed Oct 18 10:19:35 2017 -0700
@@ -1,3 +1,10 @@
+2017-10-18  Paul Eggert  <eggert@cs.ucla.edu>
+
+	glob: pacify fuzzer for mempcpy
+	Problem reported by Tim Rühsen in:
+	https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
+	* lib/glob.c (glob): Do not pass NULL to mempcpy.
+
 2017-10-12  Bruno Haible  <bruno@clisp.org>
 
 	doc: Fix syntax error (regression from 2017-10-03).
--- a/lib/glob.c	Tue Oct 17 07:12:14 2017 -0700
+++ b/lib/glob.c	Wed Oct 18 10:19:35 2017 -0700
@@ -800,6 +800,7 @@
               {
                 size_t home_len = strlen (p->pw_dir);
                 size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+                char *d;
 
                 if (__glibc_unlikely (malloc_dirname))
                   free (dirname);
@@ -819,8 +820,10 @@
                       }
                     malloc_dirname = 1;
                   }
-                *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
-                                    end_name, rest_len)) = '\0';
+                d = mempcpy (dirname, p->pw_dir, home_len);
+                if (end_name != NULL)
+                  d = mempcpy (d, end_name, rest_len);
+                *d = '\0';
 
                 dirlen = home_len + rest_len;
                 dirname_modified = 1;
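Review bot: The new guard `if (end_name != NULL)` before the second mempcpy carries no comment, and because rest_len is already 0 whenever end_name is NULL it reads as redundant and could be folded back into the nested call by a later cleanup. I would put `/* end_name may be NULL; passing a null pointer to mempcpy is undefined even when the length is 0. */` directly above it. That reasoning matters beyond quieting a sanitizer, since a compiler is allowed to assume a pointer passed to a mem* function is non-null and may optimise on that assumption. The allocation that sizes dirname for home_len + rest_len + 1 sits between the two lib/glob.c hunks and is not shown, so the final store `*d = '\0'` cannot be checked against the buffer size from this page. The enclosing block starts and ends outside the hunk.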