bug#10472: [PATCH] canonicalize: fix // handling

From: Eric Blake
Subject: bug#10472: [PATCH] canonicalize: fix // handling
Date: Wed, 08 Feb 2012 09:19:07 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120131 Thunderbird/10.0

On 02/08/2012 03:13 AM, Pádraig Brady wrote:

>> From d1f3998942236194f1894c45804ec947d07ed134 Mon Sep 17 00:00:00 2001
>> From: Eric Blake <address@hidden>
>> Date: Sat, 4 Feb 2012 11:11:40 -0700
>> Subject: [PATCH] canonicalize: avoid uninitialized memory use
>>
>> When DOUBLE_SLASH_IS_DISTINCT_ROOT is non-zero, then we were
>> reading the contents of rpath[1] even when we had never written
>> anything there, which meant that "///" would usually canonicalize
>> to "/" but sometimes to "//" if a '/' was leftover in the heap.
>> This condition could also occur via 'ln -s / //some/path' and
>> canonicalizing //some/path, where we rewind rpath but do not
>> clear out the previous round.  Platforms where "//" and "/" are
>> equivalent do not suffer from this read-beyond-written bounds.

> Thanks for handling this Eric.

No problem.

> I was wondering if you had seen this and what overlap there is?
> http://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00253.html

I saw it go by, but never looked at it closely. I guess it's time to
revive that thread, although it may need rebasing now.

Eric Blake   address@hidden    +1-919-301-3266
Libvirt virtualization library http://libvirt.org

Attachment: signature.asc
Description: OpenPGP digital signature
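
An added example, not part of this message or of gnulib's code: a lexical-only C model (no symlink resolution) of the read described in the quoted commit message, where the root fix-up chooses between "/" and "//" by looking at `rpath[1]`. The names `canon_model`, `second_slash` and the `fixed` switch are hypothetical; with `fixed` set, the choice comes from a flag recorded when the second slash was actually stored.

```c
#include <stdio.h>
#include <string.h>

/* Lexical-only model of the flaw in the commit message (assumed names, not
   gnulib code, no symlink lookups). rpath is scratch of strlen(name) + 2
   bytes or more and may hold stale data. fixed == 0 trusts rpath[1] for the
   root fix-up; fixed == 1 trusts a flag set when "//" was really written. */
static int second_slash(const char *rpath, int dslash, int fixed)
{
    return fixed ? dslash : rpath[1] == '/';
}

size_t canon_model(const char *name, char *rpath, int fixed)
{
    /* Only exactly two leading slashes name the distinct root "//". */
    int dslash = name[0] == '/' && name[1] == '/' && name[2] != '/';
    char *dest = rpath;
    *dest++ = '/';
    if (dslash)
        *dest++ = '/';              /* the only root write to rpath[1] */
    for (const char *p = name; *p; ) {
        p += strspn(p, "/");
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.') {
            while (dest > rpath + 1 && (--dest)[-1] != '/')
                continue;           /* back up one component */
            if (dest == rpath + 1 && second_slash(rpath, dslash, fixed))
                dest++;             /* keep "//" after a rewind to the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            if (dest[-1] != '/')
                *dest++ = '/';
            memcpy(dest, p, len);
            dest += len;
        }
        p += len;
    }
    if (dest > rpath + 1 && dest[-1] == '/')
        dest--;                     /* drop a trailing slash */
    if (dest == rpath + 1 && second_slash(rpath, dslash, fixed))
        dest++;
    *dest = '\0';
    return (size_t)(dest - rpath);
}

int main(void)
{
    char buf[8] = "///////";        /* constructed stale scratch contents */
    canon_model("///", buf, 0);
    puts(buf);
}
```

With a zero-filled scratch buffer the unfixed path returns "/" for "///", so the wrong answer appears only when the stale byte happens to be a slash.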
