From patchwork Tue Dec 19 18:03:58 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: Adhemerval Zanella Netto
 <adhemerval.zanella@linaro.org>
X-Patchwork-Id: 25017
Received: (qmail 96124 invoked by alias); 19 Dec 2017 18:04:08 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 96114 invoked by uid 89); 19 Dec 2017 18:04:07 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-25.9 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3,
	RCVD_IN_DNSWL_NONE, SPF_PASS autolearn=ham version=3.3.2
	spammy=HContent-Transfer-Encoding:8bit
X-HELO: mail-qk0-f193.google.com
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:subject:date:message-id:mime-version
	:content-transfer-encoding;
	bh=Vb0UjslSNKcGbLhzoQadW9AIB6q2Bm9ad+YLJ6MVqzA=;
	b=fgAnnsSPcqgoJxOOht6y/Ibls+Cu3WxeANjsC6/AbvhH63VdMgdu5sYOoGu2nWgSKg
	CV0RJj3j4SBRMkKv4wnJUmVqCgWE8mgivfLcGLa1Bm6VoH+c+Na/Wt0WPh5UVI5R+QrK
	KbuXY65S/AyZsQocxsjYxvChxfFn/UBy5zBRTmqdTIVYGrRVT7s7bJYIIx8EECrWQTaH
	VNcM1Fn63e0sDb31osdhq+H7PjQeFIGFkpDos0Ton9wLhHV0KfWLM84dZHKn9TFZvSbO
	GGLymKgnvELOWmtsxufZPE9qXdV8/GrIv4hIZvJtxudS0JJ94bHvJ7d+DxGQDQJHu13i
	bCEg==
X-Gm-Message-State: AKGB3mLzEstevsuEcwT+Buj04yykSL4IReR8sQLhVsSIHByXsuyxamYm
	WviK8VcdcuAPqjc56JFwIl2ZXhf4/Ow=
X-Google-Smtp-Source: 
 ACJfBouMbk790feM2blSTvVv33iXO6NHrzjztx3/yz+ANyaUrR3mBPkZsCfWHsDurygCT0HLjJc1Tg==
X-Received: by 10.55.145.197 with SMTP id t188mr6055893qkd.267.1513706644162;
	Tue, 19 Dec 2017 10:04:04 -0800 (PST)
From: Adhemerval Zanella <adhemerval.zanella@linaro.org>
To: libc-alpha@sourceware.org
Subject: [COMMITTED] glob: pacify fuzzer for mempcpy
Date: Tue, 19 Dec 2017 16:03:58 -0200
Message-Id: <1513706639-12259-1-git-send-email-adhemerval.zanella@linaro.org>
MIME-Version: 1.0

Problem reported by Tim Rühsen [1].  Sync with gnulib 0e14f025d2.

[1] https://lists.gnu.org/archive/html/bug-gnulib/2017-10/msg00054.html

Checked on x86_64-linux-gnu.

    * lib/glob.c (glob): Do not pass NULL to mempcpy.

Signed-off-by: Adhemerval Zanella <adhemerval.zanella@linaro.org>
---
 ChangeLog    | 4 ++++
 posix/glob.c | 7 +++++--
 2 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/posix/glob.c b/posix/glob.c
index cb39779..511ec4b 100644
--- a/posix/glob.c
+++ b/posix/glob.c
@@ -826,6 +826,7 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 	      {
 		size_t home_len = strlen (p->pw_dir);
 		size_t rest_len = end_name == NULL ? 0 : strlen (end_name);
+		char *d;
 
 		if (__glibc_unlikely (malloc_dirname))
 		  free (dirname);
@@ -845,8 +846,10 @@ __glob (const char *pattern, int flags, int (*errfunc) (const char *, int),
 		      }
 		    malloc_dirname = 1;
 		  }
-		*((char *) mempcpy (mempcpy (dirname, p->pw_dir, home_len),
-				    end_name, rest_len)) = '\0';
+		d = mempcpy (dirname, p->pw_dir, home_len);
+		if (end_name != NULL)
+		  d = mempcpy (d, end_name, rest_len);
+		*d = '\0';
 
 		dirlen = home_len + rest_len;
 		dirname_modified = 1;