Date: Wed, 13 Jan 2016 21:50:09 +0000 (UTC) From: Brooks Davis <brooks@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r293856 - head/lib/libc/string Message-ID: <201601132150.u0DLo9NH017920@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: brooks Date: Wed Jan 13 21:50:08 2016 New Revision: 293856 URL: https://svnweb.freebsd.org/changeset/base/293856 Log: Avoid reading pass the end of the source buffer when it is not NUL terminated. If this buffer is adjacent to an unmapped page or a version of C with bounds checked is used this may result in a crash. PR: 206178 Submitted by: Alexander Cherepanov <cherepan@mccme.ru> MFC after: 1 week Modified: head/lib/libc/string/wcslcat.c Modified: head/lib/libc/string/wcslcat.c ============================================================================== --- head/lib/libc/string/wcslcat.c Wed Jan 13 21:49:01 2016 (r293855) +++ head/lib/libc/string/wcslcat.c Wed Jan 13 21:50:08 2016 (r293856) @@ -54,7 +54,7 @@ wcslcat(wchar_t *dst, const wchar_t *src size_t dlen; /* Find the end of dst and adjust bytes left but don't go past end */ - while (*d != '\0' && n-- != 0) + while (n-- != 0 && *d != '\0') d++; dlen = d - dst; n = siz - dlen;
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201601132150.u0DLo9NH017920>