AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-21 12:30:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix invalid pointer dereference in wcscpy_chk

Browse Source 
The src pointer is const and points to a different object, so accessing
dest via src is invalid.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
This commit is contained in:
Szabolcs Nagy 2022-06-21 14:43:30 +01:00
parent 09c6c6073c
commit e5ece9de14
1 changed files with 7 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
debug/wcscpy_chk.c
View File

@ -24,36 +24,16 @@ wchar_t *
__wcscpy_chk (wchar_t *dest, const wchar_t *src, size_t n)
{
wint_t c;
wchar_t *wcp;
wchar_t *wcp = dest;
if (__alignof__ (wchar_t) >= sizeof (wchar_t))
do
{
const ptrdiff_t off = dest - src - 1;
wcp = (wchar_t *) src;
do
{
if (__glibc_unlikely (n-- == 0))
__chk_fail ();
c = *wcp++;
wcp[off] = c;
}
while (c != L'\0');
}
else
{
wcp = dest;
do
{
if (__glibc_unlikely (n-- == 0))
__chk_fail ();
c = *src++;
*wcp++ = c;
}
while (c != L'\0');
if (__glibc_unlikely (n-- == 0))
__chk_fail ();
c = *src++;
*wcp++ = c;
}
while (c != L'\0');
return dest;
}