aboutsummaryrefslogtreecommitdiff
path: root/misc/fsync.c
diff options
context:
space:
mode:
authorAdhemerval Zanella <azanella@linux.vnet.ibm.com>2014-12-05 07:41:22 -0500
committerAdhemerval Zanella <azanella@linux.vnet.ibm.com>2014-12-05 07:41:22 -0500
commit9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a (patch)
tree8584d933eb5bed98af8b3784a1b3f785c9df8b36 /misc/fsync.c
parent4bee4cd9593610ac1204529076591871b1143c7e (diff)
downloadglibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.tar
glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.tar.gz
glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.tar.bz2
glibc-9752c3cdbce2b3b8338abf09c8b9dd9e78908b8a.zip
libio: Fix buffer overrun in tst-ftell-active-handler
On 'do_ftell_test' the code: 365 if (test_modes[i].fd_mode != O_WRONLY) 366 { 367 char tmpbuf[data_len]; 368 369 rewind (fp); 370 371 while (fgets_func (tmpbuf, sizeof (tmpbuf), fp) && !feof (fp)); The 'data_len' is calculated with wsclen and allocated as 'char'. The subsequent fgetws will then try to write at most 'data_len' wchar_t in a buffer with just data_len 'char'. This patch fixes it by allocating the tmpbuf using 'wchar_t' * data_len bytes.
Diffstat (limited to 'misc/fsync.c')
0 files changed, 0 insertions, 0 deletions