| Summary: | linux_getcwd() bogus buffer length check | ||
|---|---|---|---|
| Product: | Base System | Reporter: | dwm <dwm> |
| Component: | kern | Assignee: | Andrew Gallatin <gallatin> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | 4.4-STABLE | ||
| Hardware: | Any | ||
| OS: | Any | ||

Responsible Changed From-To: freebsd-bugs->gallatin

He touched linux_getcwd() last ;)

State Changed From-To: open->closed

Fixed in 1.2.2.2 -- I have no idea how that typo snuck in. The -current code was always right! Thanks for pointing it out.

len (uninitialized) is checked when lenused should be checked Fix: % diff linux_getcwd.c linux_getcwd.c.fixed 429c429 < if (len <= args->bufsize) { --- > if (lenused <= args->bufsize) { How-To-Repeat: run opera, try to save to a file...
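
Review bot: At 429c429 the comparison against the caller-supplied args->bufsize switches from len to lenused, but the hunk does not show whether len is still referenced anywhere else in the function. If it is uninitialized as the report says and has no remaining use, remove its declaration in the same change so that any stray reference fails to compile instead of reading an indeterminate value in a bounds check. A unified diff (diff -u) with the file's path in the source tree would also give the committer context lines to confirm the change lands on the intended comparison.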