lib/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2025-08-08 17:42:12 +03:00
Code Activity

Fix invalid pointer dereference in wcpcpy_chk

Browse Source 
The src pointer is const and points to a different object, so accessing
dest via src is invalid.

Reviewed-by: Florian Weimer <fweimer@redhat.com>
This commit is contained in:
Szabolcs Nagy
2022-06-21 15:57:48 +01:00
parent e5ece9de14
commit 3fa20d59d9
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
debug/wcpcpy_chk.c
View File

@@ -28,13 +28,12 @@ __wcpcpy_chk (wchar_t *dest, const wchar_t *src, size_t destlen)
{ {
wchar_t *wcp = (wchar_t *) dest - 1; wchar_t *wcp = (wchar_t *) dest - 1;
wint_t c; wint_t c;
const ptrdiff_t off = src - dest + 1;
do do
{ {
if (__glibc_unlikely (destlen-- == 0)) if (__glibc_unlikely (destlen-- == 0))
__chk_fail (); __chk_fail ();
c = wcp[off]; c = *src++;
*++wcp = c; *++wcp = c;
} }
while (c != L'\0'); while (c != L'\0');