lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-07-29 11:41:21 +03:00
Code Activity

libio: Avoid ptrdiff_t overflow in IO_validate_vtable

Browse Source 
If the candidate pointer is sufficiently far away from
__start___libc_IO_vtables, the result might not fit into ptrdiff_t.
This commit is contained in:
Florian Weimer
2018-06-20 09:45:19 +02:00
parent 646c2833ee
commit 2d1c89a5d7
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
libio/libioP.h
View File

@ -830,8 +830,8 @@ IO_validate_vtable (const struct _IO_jump_t *vtable)
/* Fast path: The vtable pointer is within the __libc_IO_vtables
section. */
uintptr_t section_length = __stop___libc_IO_vtables - __start___libc_IO_vtables;
const char *ptr = (const char *) vtable;
uintptr_t offset = ptr - __start___libc_IO_vtables;
uintptr_t ptr = (uintptr_t) vtable;
uintptr_t offset = ptr - (uintptr_t) __start___libc_IO_vtables;
if (__glibc_unlikely (offset >= section_length))
/* The vtable pointer is not in the expected section. Use the
slow path, which will terminate the process if necessary. */