[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bug#10472: [PATCH] canonicalize: fix // handling
|
From: |
Eric Blake |
|
Subject: |
Re: bug#10472: [PATCH] canonicalize: fix // handling |
|
Date: |
Wed, 08 Feb 2012 09:19:07 -0700 |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:10.0) Gecko/20120131 Thunderbird/10.0 |
On 02/08/2012 03:13 AM, Pádraig Brady wrote:
>> From d1f3998942236194f1894c45804ec947d07ed134 Mon Sep 17 00:00:00 2001
>> From: Eric Blake <address@hidden>
>> Date: Sat, 4 Feb 2012 11:11:40 -0700
>> Subject: [PATCH] canonicalize: avoid uninitialized memory use
>>
>> When DOUBLE_SLASH_IS_DISTINCT_ROOT is non-zero, then we were
>> reading the contents of rpath[1] even when we had never written
>> anything there, which meant that "///" would usually canonicalize
>> to "/" but sometimes to "//" if a '/' was leftover in the heap.
>> This condition could also occur via 'ln -s / //some/path' and
>> canonicalizing //some/path, where we rewind rpath but do not
>> clear out the previous round. Platforms where "//" and "/" are
>> equivalent do not suffer from this read-beyond-written bounds.
>>
>
> Thanks for handling this Eric.
No problem.
> I was wondering if you had seen this and what overlap there is?
> http://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00253.html
I saw it go by, but never looked at it closely. I guess it's time to
revive that thread, although it may need rebasing now.
--
Eric Blake address@hidden +1-919-301-3266
Libvirt virtualization library http://libvirt.org
signature.asc
Description: OpenPGP digital signature