diff options
| author | Rich Felker <dalias@aerifal.cx> | 2011-09-04 00:06:01 -0400 | 
|---|---|---|
| committer | Rich Felker <dalias@aerifal.cx> | 2011-09-04 00:06:01 -0400 | 
| commit | 32d67e938e8da0f37c59247acee8b10eaf9a113c (patch) | |
| tree | e87b7b5da7700f8af18ce90ceef850398ba9947c /src | |
| parent | d4fa6f0e08ff5a292d2aeeeeda80670a1a082cae (diff) | |
| download | musl-32d67e938e8da0f37c59247acee8b10eaf9a113c.tar.gz | |
fix twos complement overflow bug in mem streams boundary check
the expression -off is not safe in case off is the most-negative
value. instead apply - to base which is known to be non-negative and
bounded within sanity.
Diffstat (limited to 'src')
| -rw-r--r-- | src/stdio/open_memstream.c | 2 | ||||
| -rw-r--r-- | src/stdio/open_wmemstream.c | 2 | 
2 files changed, 2 insertions, 2 deletions
| diff --git a/src/stdio/open_memstream.c b/src/stdio/open_memstream.c index 2f3569f1..57737098 100644 --- a/src/stdio/open_memstream.c +++ b/src/stdio/open_memstream.c @@ -28,7 +28,7 @@ static off_t ms_seek(FILE *f, off_t off, int whence)  		errno = EINVAL;  		return -1;  	} -	if (-off > base || off > SSIZE_MAX-base) goto fail; +	if (off < -base || off > SSIZE_MAX-base) goto fail;  	return c->pos = base+off;  } diff --git a/src/stdio/open_wmemstream.c b/src/stdio/open_wmemstream.c index 3bc0f254..41b92d21 100644 --- a/src/stdio/open_wmemstream.c +++ b/src/stdio/open_wmemstream.c @@ -29,7 +29,7 @@ static off_t wms_seek(FILE *f, off_t off, int whence)  		errno = EINVAL;  		return -1;  	} -	if (-off > base || off > SSIZE_MAX/4-base) goto fail; +	if (off < -base || off > SSIZE_MAX/4-base) goto fail;  	memset(&c->mbs, 0, sizeof c->mbs);  	return c->pos = base+off;  } | 
