summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPaul Eggert <eggert@cs.ucla.edu>2017-10-18 10:19:35 -0700
committerPaul Eggert <eggert@cs.ucla.edu>2017-10-18 10:19:57 -0700
commit0e14f025d2ad40e9fbe4222e3fda328df107e761 (patch)
treefcacd733391942804bbebb7b3028424f5f8944d8
parent419a2b5ed2e4a440d77ff84872195f2e213123c3 (diff)
downloadgnulib-0e14f025d2ad40e9fbe4222e3fda328df107e761.tar.gz
glob: pacify fuzzer for mempcpy
Problem reported by Tim Rühsen in: https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html * lib/glob.c (glob): Do not pass NULL to mempcpy.
Diffstat
-rw-r--r--ChangeLog7
-rw-r--r--lib/glob.c7
2 files changed, 12 insertions, 2 deletions
diff --git a/ChangeLog b/ChangeLog
index 5e0c3c7f22..b280a7753d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2017-10-18 Paul Eggert <eggert@cs.ucla.edu>
+
+ glob: pacify fuzzer for mempcpy
+ Problem reported by Tim Rühsen in:
+ https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
+ * lib/glob.c (glob): Do not pass NULL to mempcpy.
+
2017-10-12 Bruno Haible <bruno@clisp.org>
doc: Fix syntax error (regression from 2017-10-03).
diff --git a/lib/glob.c b/lib/glob.c
index 9d677d9826..33030ec72b 100644
--- a/lib/glob.c
+++ b/lib/glob.c
@@ -800,6 +800,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+ char *d;
if (__glibc_unlikely (malloc_dirname))
free (dirname);
@@ -819,8 +820,10 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
}
malloc_dirname = 1;
}
- *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
- end_name, rest_len)) = '\0';
+ d = mempcpy (dirname, p->pw_dir, home_len);
+ if (end_name != NULL)
+ d = mempcpy (d, end_name, rest_len);
+ *d = '\0';
dirlen = home_len + rest_len;
dirname_modified = 1;
View Lorry Controller Status