svn commit: r315725 - stable/11/lib/libc/gen
Pedro Giffuni
pfg at FreeBSD.org
Wed Mar 22 18:28:10 UTC 2017
> Il giorno 22 mar 2017, alle ore 13:12, Pedro F. Giffuni <pfg at FreeBSD.org> ha scritto:
>
> Author: pfg
> Date: Wed Mar 22 18:12:48 2017
> New Revision: 315725
> URL: https://svnweb.freebsd.org/changeset/base/315725
>
> Log:
> MFC r315720 (from cem@)
> scandir: Fix NULL dereference, uninitialized value use in error case
>
> This bug was introduced in r315095. Given that it obviously is a bug and
> we can't afford to have such creatures in libc, do an early merge,
>
This deserves further explanation: it was done now, before the regular 3 days before MFC
because I will be doing a highly risky operation in my HD (MBR—> GPT) and may not be
able to respond in a while.
It is well know cem@ doesn’t do MFCs and the bug was obvious enough that we wanted it
so now was better than in an undetermined future.
Pedro.
> Reported by: Coverity
> CIDs: 1329566, 1372625
> Sponsored by: Dell EMC Isilon
>
> Modified:
> stable/11/lib/libc/gen/scandir.c
> Directory Properties:
> stable/11/ (props changed)
>
> Modified: stable/11/lib/libc/gen/scandir.c
> ==============================================================================
> --- stable/11/lib/libc/gen/scandir.c Wed Mar 22 17:56:46 2017 (r315724)
> +++ stable/11/lib/libc/gen/scandir.c Wed Mar 22 18:12:48 2017 (r315725)
> @@ -89,12 +89,12 @@ scandir(const char *dirname, struct dire
> if ((dirp = opendir(dirname)) == NULL)
> return(-1);
>
> + numitems = 0;
> arraysz = 32; /* initial estimate of the array size */
> names = (struct dirent **)malloc(arraysz * sizeof(struct dirent *));
> if (names == NULL)
> goto fail;
>
> - numitems = 0;
> while ((d = readdir(dirp)) != NULL) {
> if (select != NULL && !SELECT(d))
> continue; /* just selected names */
>
More information about the svn-src-all
mailing list