mirror of
https://gitlab.freedesktop.org/libbsd/libbsd.git
synced 2025-11-11 09:05:36 +01:00
c8f0723d2b
In the function fgetwln() there's a 4 byte heap overflow.
There is a while loop that has this check to see whether there's still
enough space in the buffer:
if (!fb->len || wused > fb->len) {
If this is true more memory gets allocated. However this test won't be
true if wused == fb->len, but at that point wused already points out
of the buffer. Some lines later there's a write to the buffer:
fb->wbuf[wused++] = wc;
This bug was found with the help of address sanitizer.
Warned-by: ASAN
Fixes: https://bugs.freedesktop.org/show_bug.cgi?id=93881
Signed-off-by: Guillem Jover <guillem@hadrons.org>
libbsd - Utility functions from BSD systems This library provides useful functions commonly found on BSD systems, and lacking on others like GNU systems, thus making it easier to port projects with strong BSD origins, without needing to embed the same code over and over again on each project. Releases -------- <http://libbsd.freedesktop.org/releases/> Mailing List ------------ The subscription interface and web archives can be found at: <http://lists.freedesktop.org/mailman/listinfo/libbsd> The mail address is: libbsd@lists.freedesktop.org Source Repository ----------------- <http://cgit.freedesktop.org/libbsd> <git://anongit.freedesktop.org/git/libbsd>