[COMMITTED] glob: pacify fuzzer for mempcpy

Message ID 1513706639-12259-1-git-send-email-adhemerval.zanella@linaro.org
State New
Headers show
Series
  • [COMMITTED] glob: pacify fuzzer for mempcpy
Related show

Commit Message

Adhemerval Zanella Dec. 19, 2017, 6:03 p.m.
Problem reported by Tim Rühsen [1].  Sync with gnulib 0e14f025d2.

[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html

Checked on x86_64-linux-gnu.

    * lib/glob.c (glob): Do not pass NULL to mempcpy.

Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>

---
 ChangeLog    | 4 ++++
 posix/glob.c | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

-- 
2.7.4

Patch

diff --git a/posix/glob.c b/posix/glob.c
index cb39779..511ec4b 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -826,6 +826,7 @@  __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	      {
 		size_t home_len = strlen (p->pw_dir);
 		size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+		char *d;
 
 		if (__glibc_unlikely (malloc_dirname))
 		  free (dirname);
@@ -845,8 +846,10 @@  __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 		      }
 		    malloc_dirname = 1;
 		  }
-		*((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
-				    end_name, rest_len)) = '\0';
+		d = mempcpy (dirname, p->pw_dir, home_len);
+		if (end_name != NULL)
+		  d = mempcpy (d, end_name, rest_len);
+		*d = '\0';
 
 		dirlen = home_len + rest_len;
 		dirname_modified = 1;