Author: jhb Date: Wed Sep 16 22:55:27 2020 New Revision: 365819 URL: https://svnweb.freebsd.org/changeset/base/365819
Log: MFC 365276: Compute the correct size of the string to move forward. Previously this was counting the amount of spare room at the start of the buffer that the string needed to move forward and passing that as the number of bytes to copy to memmove rather than the length of the string to be copied. In the strfmon test in the test suite this caused the memmove to overflow the allocated buffer by one byte which CHERI caught. Modified: stable/12/lib/libc/stdlib/strfmon.c Directory Properties: stable/12/ (props changed) Changes in other areas also in this revision: Modified: stable/11/lib/libc/stdlib/strfmon.c Directory Properties: stable/11/ (props changed) Modified: stable/12/lib/libc/stdlib/strfmon.c ============================================================================== --- stable/12/lib/libc/stdlib/strfmon.c Wed Sep 16 22:42:27 2020 (r365818) +++ stable/12/lib/libc/stdlib/strfmon.c Wed Sep 16 22:55:27 2020 (r365819) @@ -636,7 +636,7 @@ __format_grouped_double(double value, int *flags, memset(bufend, pad_char, padded); } - bufsize = bufsize - (bufend - rslt) + 1; + bufsize = rslt + bufsize - bufend; memmove(rslt, bufend, bufsize); free(avalue); return (rslt); _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"