diff options
Diffstat (limited to 'main/musl/fix-single-byte-overflow.patch')
| -rw-r--r-- | main/musl/fix-single-byte-overflow.patch | 32 |
1 files changed, 0 insertions, 32 deletions
diff --git a/main/musl/fix-single-byte-overflow.patch b/main/musl/fix-single-byte-overflow.patch deleted file mode 100644 index ffc5b3551c..0000000000 --- a/main/musl/fix-single-byte-overflow.patch +++ /dev/null @@ -1,32 +0,0 @@ -From b114190b29417fff6f701eea3a3b3b6030338280 Mon Sep 17 00:00:00 2001 -From: Rich Felker <dalias@aerifal.cx> -Date: Sat, 24 Oct 2015 22:42:10 -0400 -Subject: fix single-byte overflow of malloc'd buffer in getdelim - -the buffer enlargement logic here accounted for the terminating null -byte, but not for the possibility of hitting the delimiter in the -buffer-refill code path that uses getc_unlocked, in which case two -additional bytes (the delimiter and the null termination) are written -without another chance to enlarge the buffer. - -this patch and the corresponding bug report are by Felix Janda. ---- - src/stdio/getdelim.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/stdio/getdelim.c b/src/stdio/getdelim.c -index a88c393..3077490 100644 ---- a/src/stdio/getdelim.c -+++ b/src/stdio/getdelim.c -@@ -27,7 +27,7 @@ ssize_t getdelim(char **restrict s, size_t *restrict n, int delim, FILE *restric - for (;;) { - z = memchr(f->rpos, delim, f->rend - f->rpos); - k = z ? z - f->rpos + 1 : f->rend - f->rpos; -- if (i+k >= *n) { -+ if (i+k+1 >= *n) { - if (k >= SIZE_MAX/2-i) goto oom; - *n = i+k+2; - if (*n < SIZE_MAX/4) *n *= 2; --- -cgit v0.11.2 - |