Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 22 Mar 2017 13:28:24 -0500
From:      Pedro Giffuni <pfg@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   Re: svn commit: r315725 - stable/11/lib/libc/gen
Message-ID:  <826A8703-3697-4DB6-9651-32A96A36AD9E@FreeBSD.org>
In-Reply-To: <201703221812.v2MICncq040713@repo.freebsd.org>
References:  <201703221812.v2MICncq040713@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 


> Il giorno 22 mar 2017, alle ore 13:12, Pedro F. Giffuni <pfg@FreeBSD.org> ha scritto:
> 
> Author: pfg
> Date: Wed Mar 22 18:12:48 2017
> New Revision: 315725
> URL: https://svnweb.freebsd.org/changeset/base/315725
> 
> Log:
>  MFC r315720 (from cem@)
>  scandir: Fix NULL dereference, uninitialized value use in error case
> 
>  This bug was introduced in r315095. Given that it obviously is a bug and
>  we can't afford to have such creatures in libc, do an early merge,
> 

This deserves further explanation: it was done now, before the regular 3 days before MFC
because I will be doing a highly risky operation in my HD (MBR—> GPT) and may not be
able to respond in a while.

It is well know cem@ doesn’t do MFCs and the bug was obvious enough that we wanted it
so now was better than in an undetermined future.

Pedro.

>  Reported by:	Coverity
>  CIDs:		1329566, 1372625
>  Sponsored by:	Dell EMC Isilon
> 
> Modified:
>  stable/11/lib/libc/gen/scandir.c
> Directory Properties:
>  stable/11/   (props changed)
> 
> Modified: stable/11/lib/libc/gen/scandir.c
> ==============================================================================
> --- stable/11/lib/libc/gen/scandir.c	Wed Mar 22 17:56:46 2017	(r315724)
> +++ stable/11/lib/libc/gen/scandir.c	Wed Mar 22 18:12:48 2017	(r315725)
> @@ -89,12 +89,12 @@ scandir(const char *dirname, struct dire
> 	if ((dirp = opendir(dirname)) == NULL)
> 		return(-1);
> 
> +	numitems = 0;
> 	arraysz = 32;	/* initial estimate of the array size */
> 	names = (struct dirent **)malloc(arraysz * sizeof(struct dirent *));
> 	if (names == NULL)
> 		goto fail;
> 
> -	numitems = 0;
> 	while ((d = readdir(dirp)) != NULL) {
> 		if (select != NULL && !SELECT(d))
> 			continue;	/* just selected names */
>

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?826A8703-3697-4DB6-9651-32A96A36AD9E>