summaryrefslogtreecommitdiffstats
path: root/libc/termios
diff options
context:
space:
mode:
authorEric Andersen <andersen@codepoet.org>2003-09-01 14:56:33 +0000
committerEric Andersen <andersen@codepoet.org>2003-09-01 14:56:33 +0000
commite4668543352aa58a0aaa03fe9624daa75fd6da34 (patch)
tree79423ebf91a1b5ab161d6dddb575161d3207d1ee /libc/termios
parent8f15281c9cf4ffcf39fd8b2fb353aa103f3a528d (diff)
downloaduClibc-alpine-e4668543352aa58a0aaa03fe9624daa75fd6da34.tar.bz2
uClibc-alpine-e4668543352aa58a0aaa03fe9624daa75fd6da34.tar.xz
Greg Nutt writes:
Attached is a patch for a bug I found in libc/termios/ttyname.c. Essentially the length of the buffer is calculated incorrectly in a strncpy call and then the null terminator is placed on the byte after the buffer. This probably cause some very strange behavior on my system (it ended up setting malloc's heapsize to zero) but may be innocuous on other systems.
Diffstat (limited to 'libc/termios')
-rw-r--r--libc/termios/ttyname.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/libc/termios/ttyname.c b/libc/termios/ttyname.c
index c9c2c3242..569cfd94e 100644
--- a/libc/termios/ttyname.c
+++ b/libc/termios/ttyname.c
@@ -19,8 +19,8 @@ static int __check_dir_for_tty_match(char * dirname, struct stat *st, char *buf,
len = strlen(dirname) + 1;
while ((d = readdir(fp)) != 0) {
- strncpy(buf+len, d->d_name, buflen);
- buf[buflen]='\0';
+ strncpy(buf+len, d->d_name, buflen-len);
+ buf[buflen-1]='\0';
#if 0
/* Stupid filesystems like cramfs fail to guarantee that
* st_ino and st_dev uniquely identify a file, contrary to