svn commit: r315720 - head/lib/libc/gen
Conrad Meyer
cem at FreeBSD.org
Wed Mar 22 17:37:49 UTC 2017
Author: cem
Date: Wed Mar 22 17:37:47 2017
New Revision: 315720
URL: https://svnweb.freebsd.org/changeset/base/315720
Log:
scandir: Fix NULL dereference, uninitialized value use in error case
If opendir succeeds but malloc fails, numitems was used uninitialized in
error handling under the 'fail' label. If it happened to have a non-zero
value, the NULL 'names' was dereferenced.
Reported by: Coverity
CIDs: 1329566, 1372625
Sponsored by: Dell EMC Isilon
Modified:
head/lib/libc/gen/scandir.c
Modified: head/lib/libc/gen/scandir.c
==============================================================================
--- head/lib/libc/gen/scandir.c Wed Mar 22 17:33:57 2017 (r315719)
+++ head/lib/libc/gen/scandir.c Wed Mar 22 17:37:47 2017 (r315720)
@@ -89,12 +89,12 @@ scandir(const char *dirname, struct dire
if ((dirp = opendir(dirname)) == NULL)
return(-1);
+ numitems = 0;
arraysz = 32; /* initial estimate of the array size */
names = (struct dirent **)malloc(arraysz * sizeof(struct dirent *));
if (names == NULL)
goto fail;
- numitems = 0;
while ((d = readdir(dirp)) != NULL) {
if (select != NULL && !SELECT(d))
continue; /* just selected names */
More information about the svn-src-head
mailing list