Date: Wed, 22 Mar 2017 18:12:48 +0000 (UTC) From: "Pedro F. Giffuni" <pfg@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org Subject: svn commit: r315725 - stable/11/lib/libc/gen Message-ID: <201703221812.v2MICncq040713@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pfg Date: Wed Mar 22 18:12:48 2017 New Revision: 315725 URL: https://svnweb.freebsd.org/changeset/base/315725 Log: MFC r315720 (from cem@) scandir: Fix NULL dereference, uninitialized value use in error case This bug was introduced in r315095. Given that it obviously is a bug and we can't afford to have such creatures in libc, do an early merge, Reported by: Coverity CIDs: 1329566, 1372625 Sponsored by: Dell EMC Isilon Modified: stable/11/lib/libc/gen/scandir.c Directory Properties: stable/11/ (props changed) Modified: stable/11/lib/libc/gen/scandir.c ============================================================================== --- stable/11/lib/libc/gen/scandir.c Wed Mar 22 17:56:46 2017 (r315724) +++ stable/11/lib/libc/gen/scandir.c Wed Mar 22 18:12:48 2017 (r315725) @@ -89,12 +89,12 @@ scandir(const char *dirname, struct dire if ((dirp = opendir(dirname)) == NULL) return(-1); + numitems = 0; arraysz = 32; /* initial estimate of the array size */ names = (struct dirent **)malloc(arraysz * sizeof(struct dirent *)); if (names == NULL) goto fail; - numitems = 0; while ((d = readdir(dirp)) != NULL) { if (select != NULL && !SELECT(d)) continue; /* just selected names */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201703221812.v2MICncq040713>