public inbox for glibc-cvs@sourceware.org
help / color / mirror / Atom feed
* [glibc] Correct buffer end pointer in IO_wdefault_doallocate (BZ #26874)
@ 2021-03-01 14:08 Siddhesh Poyarekar
0 siblings, 0 replies; only message in thread
From: Siddhesh Poyarekar @ 2021-03-01 14:08 UTC (permalink / raw)
To: glibc-cvs
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=764e9a0334350f52ab6953bef1db97f9b2e89ca5
commit 764e9a0334350f52ab6953bef1db97f9b2e89ca5
Author: Martin Sebor <msebor@gmail.com>
Date: Mon Mar 1 10:35:39 2021 +0530
Correct buffer end pointer in IO_wdefault_doallocate (BZ #26874)
An experimental build of GCC 11 with an enhanced -Warray-bounds
reports a bug in IO_wdefault_doallocate where the function forms
an invalid past-the-end pointer to an allocated wchar_t buffer
by failingf to consider the scaling by sizeof (wchar_t).
The fix path below corrects this problem. It keeps the buffer
size the same as opposed to increasing it according to what other
code like it does.
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diff:
---
libio/wgenops.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/libio/wgenops.c b/libio/wgenops.c
index 3ae6995fa0..106ddfd278 100644
--- a/libio/wgenops.c
+++ b/libio/wgenops.c
@@ -379,12 +379,11 @@ libc_hidden_def (_IO_wdoallocbuf)
int
_IO_wdefault_doallocate (FILE *fp)
{
- wchar_t *buf;
-
- buf = malloc (BUFSIZ);
+ wchar_t *buf = (wchar_t *)malloc (BUFSIZ);
if (__glibc_unlikely (buf == NULL))
return EOF;
- _IO_wsetb (fp, buf, buf + BUFSIZ, 1);
+
+ _IO_wsetb (fp, buf, buf + BUFSIZ / sizeof *buf, 1);
return 1;
}
libc_hidden_def (_IO_wdefault_doallocate)
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2021-03-01 14:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-03-01 14:08 [glibc] Correct buffer end pointer in IO_wdefault_doallocate (BZ #26874) Siddhesh Poyarekar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).