[COMMITTED] glob: pacify fuzzer for mempcpy
Commit Message
Problem reported by Tim Rühsen [1]. Sync with gnulib 0e14f025d2.
[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html
Checked on x86_64-linux-gnu.
* lib/glob.c (glob): Do not pass NULL to mempcpy.
Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
---
ChangeLog | 4 ++++
posix/glob.c | 7 +++++--
2 files changed, 9 insertions(+), 2 deletions(-)
@@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
{
size_t home_len = strlen (p->pw_dir);
size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+ char *d;
if (__glibc_unlikely (malloc_dirname))
free (dirname);
@@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
}
malloc_dirname = 1;
}
- *((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
- end_name, rest_len)) = '\0';
+ d = mempcpy (dirname, p->pw_dir, home_len);
+ if (end_name != NULL)
+ d = mempcpy (d, end_name, rest_len);
+ *d = '\0';
dirlen = home_len + rest_len;
dirname_modified = 1;