Mercurial > gnulib
changeset 38902:78a7785c42b9
glob: fix another heap buffer overflow
Problem reported by Tim Rühsen in:
https://sourceware.org/bugzilla/show_bug.cgi?id=22332
* lib/glob.c (glob): Avoid buffer overrun when unescaping.
author | Paul Eggert <eggert@cs.ucla.edu> |
---|---|
date | Sat, 21 Oct 2017 12:20:29 -0700 |
parents | ead4e3bf6c56 |
children | 742924486992 |
files | ChangeLog lib/glob.c |
diffstat | 2 files changed, 9 insertions(+), 2 deletions(-) |
--- a/ChangeLog Thu Oct 19 13:03:40 2017 -0700 +++ b/ChangeLog Sat Oct 21 12:20:29 2017 -0700 @@ -1,3 +1,10 @@ +2017-10-21 Paul Eggert <eggert@cs.ucla.edu> + + glob: fix another heap buffer overflow + Problem reported by Tim Rühsen in: + https://sourceware.org/bugzilla/show_bug.cgi?id=22332 + * lib/glob.c (glob): Avoid buffer overrun when unescaping. + 2017-10-19 Paul Eggert <eggert@cs.ucla.edu> quotearg: pacify compiler re unsigned
--- a/lib/glob.c Thu Oct 19 13:03:40 2017 -0700 +++ b/lib/glob.c Sat Oct 21 12:20:29 2017 -0700 @@ -744,11 +744,11 @@ char *p = mempcpy (newp, dirname + 1, unescape - dirname - 1); char *q = unescape; - while (*q != '\0') + while (q != end_name) { if (*q == '\\') { - if (q[1] == '\0') + if (q + 1 == end_name) { /* "~fo\\o\\" unescape to user_name "foo\\", but "~fo\\o\\/" unescape to user_name
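Review bot: The new loop bound in lib/glob.c, `while (q != end_name)`, is an equality test, so it only terminates if q lands exactly on end_name. The hunk does not show where end_name is set relative to unescape, and the backslash branch is where q can move by more than one character. Either write the bound as `q < end_name` or add a short comment stating the invariant (unescape <= end_name, and the escape branch never steps past end_name because of the `q + 1 == end_name` check). Separately, the diffstat lists only ChangeLog and lib/glob.c, so no regression test accompanies the fix; a glob test with a tilde pattern ending in a backslash, like the "~fo\\o\\" case in the comment, would keep this overrun from returning.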