aboutsummaryrefslogtreecommitdiff
path: root/BUGS
diff options
context:
space:
mode:
authorMichael Matz <matz@suse.de>2012-04-05 10:48:14 +0200
committerAndreas Jaeger <aj@suse.de>2012-04-05 10:50:09 +0200
commite80d6f94e19d17b91e3cd3ada7193cc88f621feb (patch)
treef519a13feef74d70dfade10c595b72d3113add5f /BUGS
parent349fa79f5527f78d60c78eb1fbb2dfb56846018c (diff)
downloadglibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar
glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.gz
glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.bz2
glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.zip
Fix size parameter comparisions.
[BZ #13592] There are several signed compares of the size argument, whereas it really is unsigned. Depending on situations e.g. a "memset(ptr, 0, -1)" segfault (but for the wrong reasons, because jumping into nirvana) or succeeds even. In normal use this is harmless, as a size with signbit set indicates more than half the address space which on x86_64 is impossible to allocate, but as the size is used to index some jump tables this potentially could have other unwanted side effects.
Diffstat (limited to 'BUGS')
0 files changed, 0 insertions, 0 deletions