From 8a4ccf53a605414546a73d39dda24fe95c1bc1b2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timo=20Ter=C3=A4s?=
Date: Fri, 8 Jan 2016 09:18:11 +0200
Subject: main/musl: cherry-pick upstream fixes and improvements fixes #4621
---
main/musl/fix-single-byte-overflow.patch | 32 --------------------------------
1 file changed, 32 deletions(-)
delete mode 100644 main/musl/fix-single-byte-overflow.patch
(limited to 'main/musl/fix-single-byte-overflow.patch')
diff --git a/main/musl/fix-single-byte-overflow.patch b/main/musl/fix-single-byte-overflow.patch
deleted file mode 100644
index ffc5b3551c..0000000000
--- a/main/musl/fix-single-byte-overflow.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From b114190b29417fff6f701eea3a3b3b6030338280 Mon Sep 17 00:00:00 2001
-From: Rich Felker
-Date: Sat, 24 Oct 2015 22:42:10 -0400
-Subject: fix single-byte overflow of malloc'd buffer in getdelim
-
-the buffer enlargement logic here accounted for the terminating null
-byte, but not for the possibility of hitting the delimiter in the
-buffer-refill code path that uses getc_unlocked, in which case two
-additional bytes (the delimiter and the null termination) are written
-without another chance to enlarge the buffer.
-
-this patch and the corresponding bug report are by Felix Janda.
----
- src/stdio/getdelim.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/src/stdio/getdelim.c b/src/stdio/getdelim.c
-index a88c393..3077490 100644
---- a/src/stdio/getdelim.c
-+++ b/src/stdio/getdelim.c
-@@ -27,7 +27,7 @@ ssize_t getdelim(char **restrict s, size_t *restrict n, int delim, FILE *restric
- for (;;) {
- z = memchr(f->rpos, delim, f->rend - f->rpos);
- k = z ? z - f->rpos + 1 : f->rend - f->rpos;
-- if (i+k >= *n) {
-+ if (i+k+1 >= *n) {
- if (k >= SIZE_MAX/2-i) goto oom;
- *n = i+k+2;
- if (*n < SIZE_MAX/4) *n *= 2;
---
-cgit v0.11.2
-
--
cgit v1.2.3