glob: pacify fuzzer for mempcpy

Problem reported by Tim Rühsen [1].  Sync with gnulib 0e14f025d2.

[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html

Checked on x86_64-linux-gnu.

    * lib/glob.c (glob): Do not pass NULL to mempcpy.

Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
This commit is contained in:
Adhemerval Zanella 2017-12-19 14:27:09 -02:00
parent 6f58c10ded
commit d711a00f93
2 changed files with 9 additions and 2 deletions

View File

@ -1,3 +1,7 @@
2017-12-19 Adhemerval Zanella <adhemerval.zanella@linaro.org>
* lib/glob.c (glob): Do not pass NULL to mempcpy.
2017-12-19 Joseph Myers <joseph@codesourcery.com>
* sysdeps/x86_64/fpu/libm-test-ulps: Update.

View File

@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
char *d;
if (__glibc_unlikely (malloc_dirname))
free (dirname);
@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
}
malloc_dirname = 1;
}
*((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
end_name, rest_len)) = '\0';
d = mempcpy (dirname, p->pw_dir, home_len);
if (end_name != NULL)
d = mempcpy (d, end_name, rest_len);
*d = '\0';
dirlen = home_len + rest_len;
dirname_modified = 1;