diff options
author | Michael Matz <matz@suse.de> | 2012-04-05 10:48:14 +0200 |
---|---|---|
committer | Andreas Jaeger <aj@suse.de> | 2012-04-05 10:50:09 +0200 |
commit | e80d6f94e19d17b91e3cd3ada7193cc88f621feb (patch) | |
tree | f519a13feef74d70dfade10c595b72d3113add5f /BUGS | |
parent | 349fa79f5527f78d60c78eb1fbb2dfb56846018c (diff) | |
download | glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.gz glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.tar.bz2 glibc-e80d6f94e19d17b91e3cd3ada7193cc88f621feb.zip |
Fix size parameter comparisions.
[BZ #13592]
There are several signed compares of the size argument, whereas
it really is unsigned. Depending on situations e.g. a "memset(ptr, 0,
-1)" segfault (but for the wrong reasons, because jumping into nirvana)
or succeeds even.
In normal use this is harmless, as a size with signbit set indicates
more than half the address space which on x86_64 is impossible to
allocate, but as the size is used to index some jump tables this
potentially could have other unwanted side effects.
Diffstat (limited to 'BUGS')
0 files changed, 0 insertions, 0 deletions