Author: jhb
Date: Wed Sep 16 22:55:27 2020
New Revision: 365819
URL: https://svnweb.freebsd.org/changeset/base/365819
Log:
MFC 365276: Compute the correct size of the string to move forward.
Previously this was counting the amount of spare room at the start of
the buffer that the string needed to move forward and passing that as
the number of bytes to copy to memmove rather than the length of the
string to be copied.
In the strfmon test in the test suite this caused the memmove to
overflow the allocated buffer by one byte which CHERI caught.
Modified:
stable/12/lib/libc/stdlib/strfmon.c
Directory Properties:
stable/12/ (props changed)
Changes in other areas also in this revision:
Modified:
stable/11/lib/libc/stdlib/strfmon.c
Directory Properties:
stable/11/ (props changed)
Modified: stable/12/lib/libc/stdlib/strfmon.c
==============================================================================
--- stable/12/lib/libc/stdlib/strfmon.c Wed Sep 16 22:42:27 2020
(r365818)
+++ stable/12/lib/libc/stdlib/strfmon.c Wed Sep 16 22:55:27 2020
(r365819)
@@ -636,7 +636,7 @@ __format_grouped_double(double value, int *flags,
memset(bufend, pad_char, padded);
}
- bufsize = bufsize - (bufend - rslt) + 1;
+ bufsize = rslt + bufsize - bufend;
memmove(rslt, bufend, bufsize);
free(avalue);
return (rslt);
_______________________________________________
svn-src-all@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-all
To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
