glibc.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Florian Weimer <fweimer@redhat.com>	2023-01-25 08:01:00 +0100
committer	Florian Weimer <fweimer@redhat.com>	2023-01-25 08:01:00 +0100
commit	0d50f477f47ba637b54fb03ac48d769ec4543e8d (patch)
tree	598fbe050d8441a6152237d5442d2506ed846bf0 /malloc/alloc_buffer_alloc_array.c
parent	0674613e6652a46063756f162bdef88622b3bdbd (diff)
download	glibc-0d50f477f47ba637b54fb03ac48d769ec4543e8d.tar.xz glibc-0d50f477f47ba637b54fb03ac48d769ec4543e8d.zip

stdio-common: Handle -1 buffer size in __sprintf_chk & co (bug 30039)

This shows up as an assertion failure when sprintf is called with a specifier like "%.8g" and libquadmath is linked in: Fatal glibc error: printf_buffer_as_file.c:31 (__printf_buffer_as_file_commit): assertion failed: file->stream._IO_write_ptr <= file->next->write_end Fix this by detecting pointer wraparound in __vsprintf_internal and saturate the addition to the end of the address space instead. Reviewed-by: Carlos O'Donell <carlos@redhat.com> Tested-by: Carlos O'Donell <carlos@redhat.com>

Diffstat (limited to 'malloc/alloc_buffer_alloc_array.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: