Submit #2920 » eilseq_fix_corrected_2.patch

Fix possible NULL pointer dereference and EILSEQ behavior - yellowrabbit2010, 06/09/2016 03:00 AM

View differences:

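--- a/lib/libc/locale/ascii.c
+++ b/lib/libc/locale/ascii.c
@@ -129,18 +129,22 @@
 	size_t nchr;
 
 	if (dst == NULL) {
-		s = memchr(*src, '\0', nms);
-		if (*s & 0x80) {
-			errno = EILSEQ;
-			return ((size_t)-1);
+		s = *src;
+		while (*s != '\0' && nms-- > 0) {
+			if (*s & 0x80) {
+				errno = EILSEQ;
+				return ((size_t)-1);
+			}
+			++s;
 		}
-		return (s != NULL ? s - *src : nms);
+		return (s - *src);
 	}
 
 	s = *src;
 	nchr = 0;
 	while (len-- > 0 && nms-- > 0) {
 		if (*s & 0x80) {
+			*src = s;
 			errno = EILSEQ;
 			return ((size_t)-1);
 		}
@@ -175,6 +179,7 @@
 	nchr = 0;
 	while (len-- > 0 && nwc-- > 0) {
 		if (*s < 0 || *s > 127) {
+			*src = s;
 			errno = EILSEQ;
 			return ((size_t)-1);
 		}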
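Review bot: The new `dst == NULL` loop in ascii.c tests `*s != '\0'` before `nms-- > 0`, so the byte at `s` is read even when the `nms` budget is already used up, including a call with `nms == 0`. If the caller's buffer holds exactly `nms` bytes and no terminator, that is a one-byte read past the bound the caller supplied. Swapping the operands keeps the read inside the limit: `while (nms-- > 0 && *s != '\0') {`. `nms` is not used after the loop on this path, so the extra decrement on exit is harmless. The enclosing function starts above the hunk, so the declarations of `s` and `nms` are not visible here.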
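--- a/lib/libc/locale/none.c
+++ b/lib/libc/locale/none.c
@@ -170,6 +170,7 @@
 	nchr = 0;
 	while (len-- > 0 && nwc-- > 0) {
 		if (*s < 0 || *s > UCHAR_MAX) {
+			*src = s;
 			errno = EILSEQ;
 			return ((size_t)-1);
 		}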