author | Natanael Copa <ncopa@alpinelinux.org> | 2015-10-25 13:58:09 +0000 |
---|---|---|
committer | Natanael Copa <ncopa@alpinelinux.org> | 2015-10-25 13:58:09 +0000 |
commit | ef0283a0d7ea693662fd2ec83d62c6e4ca5f2ed3 (patch) | |
tree | 9303e6c81e513550fb98823ea8f98a82e241d96f /main/musl/fix-single-byte-overflow.patch | |
parent | 3cf1f6aadb7df2bfaa3b525af1a6931282864de4 (diff) | |
main/musl: fix single-byte overflow of malloc'd buffer in getdelim
from upstream:
http://git.musl-libc.org/cgit/musl/commit/?id=b114190b29417fff6f701eea3a3b3b6030338280
Diffstat (limited to 'main/musl/fix-single-byte-overflow.patch')
-rw-r--r-- | main/musl/fix-single-byte-overflow.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/main/musl/fix-single-byte-overflow.patch b/main/musl/fix-single-byte-overflow.patch
new file mode 100644
index 0000000000..ffc5b3551c
--- /dev/null
+++ b/main/musl/fix-single-byte-overflow.patch
@@ -0,0 +1,32 @@
+From b114190b29417fff6f701eea3a3b3b6030338280 Mon Sep 17 00:00:00 2001
+From: Rich Felker <dalias@aerifal.cx>
+Date: Sat, 24 Oct 2015 22:42:10 -0400
+Subject: fix single-byte overflow of malloc'd buffer in getdelim
+
+the buffer enlargement logic here accounted for the terminating null
+byte, but not for the possibility of hitting the delimiter in the
+buffer-refill code path that uses getc_unlocked, in which case two
+additional bytes (the delimiter and the null termination) are written
+without another chance to enlarge the buffer.
+
+this patch and the corresponding bug report are by Felix Janda.
+---
+ src/stdio/getdelim.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/stdio/getdelim.c b/src/stdio/getdelim.c
+index a88c393..3077490 100644
+--- a/src/stdio/getdelim.c
++++ b/src/stdio/getdelim.c
+@@ -27,7 +27,7 @@ ssize_t getdelim(char **restrict s, size_t *restrict n, int delim, FILE *restric
+ for (;;) {
+ z = memchr(f->rpos, delim, f->rend - f->rpos);
+ k = z ? z - f->rpos + 1 : f->rend - f->rpos;
+- if (i+k >= *n) {
++ if (i+k+1 >= *n) {
+ if (k >= SIZE_MAX/2-i) goto oom;
+ *n = i+k+2;
+ if (*n < SIZE_MAX/4) *n *= 2;
+--
+cgit v0.11.2
+ |
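Review bot: Nothing on this page shows the new patch file being applied to the build, because the diffstat is limited to `main/musl/fix-single-byte-overflow.patch`. A patch that is not listed in the package's APKBUILD `source=` (with its checksum entry and a `pkgrel` bump) is never applied, and the heap overflow would stay in the shipped musl. Presumably the full commit carries that change, but it should be confirmed against the unfiltered diff. The embedded hunk shows only the enlargement check `if (i+k+1 >= *n) {` inside getdelim's loop; the getc_unlocked refill path the message describes lies outside the hunk, so the rebuilt package is best checked by running a read whose delimiter arrives through that path under a memory checker.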