main/musl: cherry-pick upstream fixes and improvements

fixes #4621

1 files changed, 32 insertions, 0 deletions

diff --git a/main/musl/0001-fix-single-byte-overflow-of-malloc-d-buffer-in-getde.patch b/main/musl/0001-fix-single-byte-overflow-of-malloc-d-buffer-in-getde.patch
new file mode 100644
index 0000000000..4d950ab3dd
--- /dev/null
+++ b/main/musl/0001-fix-single-byte-overflow-of-malloc-d-buffer-in-getde.patch
@@ -0,0 +1,32 @@
+From b114190b29417fff6f701eea3a3b3b6030338280 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sat, 24 Oct 2015 22:42:10 -0400
+Subject: [PATCH] fix single-byte overflow of malloc'd buffer in getdelim
+
+the buffer enlargement logic here accounted for the terminating null
+byte, but not for the possibility of hitting the delimiter in the
+buffer-refill code path that uses getc_unlocked, in which case two
+additional bytes (the delimiter and the null termination) are written
+without another chance to enlarge the buffer.
+
+this patch and the corresponding bug report are by Felix Janda.
+---
+ src/stdio/getdelim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/stdio/getdelim.c b/src/stdio/getdelim.c
+index a88c393..3077490 100644
+--- a/src/stdio/getdelim.c
++++ b/src/stdio/getdelim.c
+@@ -27,7 +27,7 @@ ssize_t getdelim(char **restrict s, size_t *restrict n, int delim, FILE *restric
+ 	for (;;) {
+ 		z = memchr(f->rpos, delim, f->rend - f->rpos);
+ 		k = z ? z - f->rpos + 1 : f->rend - f->rpos;
+-		if (i+k >= *n) {
++		if (i+k+1 >= *n) {
+ 			if (k >= SIZE_MAX/2-i) goto oom;
+ 			*n = i+k+2;
+ 			if (*n < SIZE_MAX/4) *n *= 2;
+-- 
+2.7.0
+