diff options
author | Paul Eggert <eggert@cs.ucla.edu> | 2017-10-18 10:19:35 -0700 |
---|---|---|
committer | Paul Eggert <eggert@cs.ucla.edu> | 2017-10-18 10:19:57 -0700 |
commit | 0e14f025d2ad40e9fbe4222e3fda328df107e761 (patch) | |
tree | fcacd733391942804bbebb7b3028424f5f8944d8 | |
parent | 419a2b5ed2e4a440d77ff84872195f2e213123c3 (diff) | |
download | gnulib-0e14f025d2ad40e9fbe4222e3fda328df107e761.tar.gz |
glob: pacify fuzzer for mempcpy
Problem reported by Tim Rühsen in:
https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
* lib/glob.c (glob): Do not pass NULL to mempcpy.
-rw-r--r-- | ChangeLog | 7 | ||||
-rw-r--r-- | lib/glob.c | 7 |
2 files changed, 12 insertions, 2 deletions
@@ -1,3 +1,10 @@ +2017-10-18 Paul Eggert <eggert@cs.ucla.edu> + + glob: pacify fuzzer for mempcpy + Problem reported by Tim Rühsen in: + https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html + * lib/glob.c (glob): Do not pass NULL to mempcpy. + 2017-10-12 Bruno Haible <bruno@clisp.org> doc: Fix syntax error (regression from 2017-10-03). diff --git a/lib/glob.c b/lib/glob.c index 9d677d9826..33030ec72b 100644 --- a/lib/glob.c +++ b/lib/glob.c @@ -800,6 +800,7 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int), { size_t home_len = strlen (p->pw_dir); size_t rest_len = end_name == NULL ? 0 : strlen (end_name); + char *d; if (__glibc_unlikely (malloc_dirname)) free (dirname); @@ -819,8 +820,10 @@ glob (const char *pattern, int flags, int (*errfunc) (const char *, int), } malloc_dirname = 1; } - *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len), - end_name, rest_len)) = '\0'; + d = mempcpy (dirname, p->pw_dir, home_len); + if (end_name != NULL) + d = mempcpy (d, end_name, rest_len); + *d = '\0'; dirlen = home_len + rest_len; dirname_modified = 1; |