musl - musl - an implementation of the standard library for Linux-based systems

musl - an implementation of the standard library for Linux-based systems

diff options

author	Rich Felker <dalias@aerifal.cx>	2022年10月07日 19:37:56 -0400
committer	Rich Felker <dalias@aerifal.cx>	2022年10月19日 14:01:32 -0400
commit	5ff3eea91fa6bdce25b3a35644433f68e076beca (patch)
tree	8353c65c630a186fde7533897518f5ce2d45d32c /src/stdio/fgets.c
parent	d8f35e29d0e35a90f44c04de585470c211afddf9 (diff)
download	musl-5ff3eea91fa6bdce25b3a35644433f68e076beca.tar.gz

fgets: avoid arithmetic overflow when n==INT_MIN is passed

performing n-- is not a safe operation for arbitrary signed input n. only perform the decrement in the code path where the initial n is greater than 1, and adjust the condition in the n<=1 code path to compensate for it not having been decremented.

Diffstat (limited to 'src/stdio/fgets.c')

-rw-r--r--

src/stdio/fgets.c

1 files changed, 3 insertions, 2 deletions

diff --git a/src/stdio/fgets.c b/src/stdio/fgets.c
index 6171f398..4a100b39 100644
--- a/src/stdio/fgets.c
+++ b/src/stdio/fgets.c

@@ -12,13 +12,14 @@ char *fgets(char *restrict s, int n, FILE *restrict f)

FLOCK(f);

- if (n--<=1) {

+ if (n<=1) {

f->mode |= f->mode-1;

FUNLOCK(f);

- if (n) return 0;

+ if (n<1) return 0;

*s = 0;

return s;

}

+ n--;

while (n) {

if (f->rpos != f->rend) {

generated by cgit v1.2.1 (git 2.18.0) at 2025年09月06日 19:50:46 +0000