Hi all,
in certain cases,
fnmatch(pattern, string, flags)
reads beyond the end of pattern. This can be triggered by parameters like this:
fnmatch(""[A-Z[.", "F", 0);
The corresponding code can be found here:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/misc/fnmatch/fnm...
After line 920 is executed, p points to '\0' (the end of the pattern).
Then, in line 923, p is unconditionally increased again and the value _after_ the end of the pattern is read (to find out if the pattern has ended).
Suggested fix: Just remove line 920.
Kind regards,
Frank
Hi Frank,
is it possible for you to sent a git format-patch -s with a good description to the problem?
best regards Waldemar
Frank Mehnert wrote,
Hi all,
in certain cases,
fnmatch(pattern, string, flags)
reads beyond the end of pattern. This can be triggered by parameters like this:
fnmatch(""[A-Z[.", "F", 0);
The corresponding code can be found here:
https://cgit.uclibc-ng.org/cgi/cgit/uclibc-ng.git/tree/libc/misc/fnmatch/fnm...
After line 920 is executed, p points to '\0' (the end of the pattern).
Then, in line 923, p is unconditionally increased again and the value _after_ the end of the pattern is read (to find out if the pattern has ended).
Suggested fix: Just remove line 920.
Kind regards,
Frank
Dr.-Ing. Frank Mehnert, frank.mehnert@kernkonzept.com, +49-351-41 883 224
Kernkonzept GmbH. Sitz: Dresden. Amtsgericht Dresden, HRB 31129. Geschäftsführer: Dr.-Ing. Michael Hohmuth
devel mailing list -- devel@uclibc-ng.org To unsubscribe send an email to devel-leave@uclibc-ng.org
-
Frank Mehnert -
Waldemar Brodkorb