diff options
author | Jakub Jelinek <jakub@redhat.com> | 2007-07-12 18:26:36 +0000 |
---|---|---|
committer | Jakub Jelinek <jakub@redhat.com> | 2007-07-12 18:26:36 +0000 |
commit | 0ecb606cb6cf65de1d9fc8a919bceb4be476c602 (patch) | |
tree | 2ea1f8305970753e4a657acb2ccc15ca3eec8e2c /libio/fmemopen.c | |
parent | 7d58530341304d403a6626d7f7a1913165fe2f32 (diff) | |
download | glibc-0ecb606cb6cf65de1d9fc8a919bceb4be476c602.tar.gz |
2.5-18.1
Diffstat (limited to 'libio/fmemopen.c')
-rw-r--r-- | libio/fmemopen.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/libio/fmemopen.c b/libio/fmemopen.c index ab6ffdd678..f3b280092c 100644 --- a/libio/fmemopen.c +++ b/libio/fmemopen.c @@ -1,5 +1,5 @@ /* Fmemopen implementation. - Copyright (C) 2000, 2002 Free Software Foundation, Inc. + Copyright (C) 2000, 2002, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Hanno Mueller, kontakt@hanno.de, 2000. @@ -27,8 +27,6 @@ * but couldn't find it in libio. The following snippet of code is an * attempt to implement what glibc's documentation describes. * - * No, it isn't really tested yet. :-) - * * * * I already see some potential problems: @@ -73,6 +71,7 @@ #include <libio.h> #include <stdio.h> #include <stdlib.h> +#include <stdint.h> #include <string.h> #include <sys/types.h> #include "libioP.h" @@ -128,7 +127,7 @@ fmemopen_write (void *cookie, const char *b, size_t s) if ((size_t) (c->pos + addnullc) == c->size) { __set_errno (ENOSPC); - return -1; + return 0; } s = c->size - c->pos - addnullc; } @@ -166,7 +165,7 @@ fmemopen_seek (void *cookie, _IO_off64_t *p, int w) break; case SEEK_END: - np = c->size - *p; + np = c->maxpos - *p; break; default: @@ -176,9 +175,9 @@ fmemopen_seek (void *cookie, _IO_off64_t *p, int w) if (np < 0 || (size_t) np > c->size) return -1; - c->pos = np; + *p = c->pos = np; - return np; + return 0; } @@ -203,6 +202,13 @@ fmemopen (void *buf, size_t len, const char *mode) cookie_io_functions_t iof; fmemopen_cookie_t *c; + if (__builtin_expect (len == 0, 0)) + { + einval: + __set_errno (EINVAL); + return NULL; + } + c = (fmemopen_cookie_t *) malloc (sizeof (fmemopen_cookie_t)); if (c == NULL) return NULL; @@ -220,7 +226,15 @@ fmemopen (void *buf, size_t len, const char *mode) c->buffer[0] = '\0'; } else - c->buffer = buf; + { + if (__builtin_expect ((uintptr_t) len > -(uintptr_t) buf, 0)) + { + free (c); + goto einval; + } + + c->buffer = buf; + } c->size = len; |