minor ftw bug

bug-glibc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

minor ftw bug

From:	Jim Meyering
Subject:	minor ftw bug
Date:	Fri, 28 Feb 2003 15:49:28 +0100

Without this fix, you can provoke a NULL-pointer dereference by
calling ftw/nftw with a maximum number of descriptors that is large
enough to make alloca return NULL.

2003-02-28  Jim Meyering  <address@hidden>

        * io/ftw.c (ftw_startup): Return -1 if alloca fails.
        Reuse previously-declared local, save_err, rather than shadowing it.

Index: ftw.c
===================================================================
RCS file: /cvs/glibc/libc/io/ftw.c,v
retrieving revision 1.42
diff -u -p -u -p -r1.42 ftw.c
--- ftw.c       8 Feb 2003 18:27:13 -0000       1.42
+++ ftw.c       28 Feb 2003 14:42:41 -0000
@@ -591,6 +591,8 @@ ftw_startup (const char *dir, int is_nft
   data.actdir = 0;
   data.dirstreams = (struct dir_data **) alloca (data.maxdir
                                                 * sizeof (struct dir_data *));
+  if (data.dirstreams == NULL)
+    return -1;
   memset (data.dirstreams, '\0', data.maxdir * sizeof (struct dir_data *));
 
   /* PATH_MAX is always defined when we get here.  */
@@ -703,7 +705,7 @@ ftw_startup (const char *dir, int is_nft
   /* Return to the start directory (if necessary).  */
   if (cwd != NULL)
     {
-      int save_err = errno;
+      save_err = errno;
       __chdir (cwd);
       free (cwd);
       __set_errno (save_err);

[Prev in Thread]

Current Thread

[Next in Thread]

minor ftw bug, Jim Meyering <=

Prev by Date: IMPORTANT: your message to wai-tech-comments
Next by Date: Double-checking about upgrading
Previous by thread: IMPORTANT: your message to wai-tech-comments
Next by thread: Double-checking about upgrading
Index(es):
- Date
- Thread