diff options
| author | Greg Steuck <gnezdo@cvs.openbsd.org> | 2022-09-28 16:44:15 +0000 |
|---|---|---|
| committer | Greg Steuck <gnezdo@cvs.openbsd.org> | 2022-09-28 16:44:15 +0000 |
| commit | e4020207e079a69f8c293a85878bace9c075d378 (patch) | |
| tree | cb9cbd3f1cce350ab62c314bafe59d37fa90490d /lib | |
| parent | e4c7206c0df3a49a1ace7e95dd30ca7b09d98fb5 (diff) | |
Fix incorrect range check for size in setvbuf
From enh AT google.com:
The existing test is wrong for LP64, where size_t has twice as many
relevant bits as int, not just one. (Found by inspection by
rprichard.)
Looks good to deraadt@ and millert@
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/libc/stdio/setvbuf.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libc/stdio/setvbuf.c b/lib/libc/stdio/setvbuf.c index 9a08d133f5f..74a1695a695 100644 --- a/lib/libc/stdio/setvbuf.c +++ b/lib/libc/stdio/setvbuf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: setvbuf.c,v 1.14 2016/09/21 04:38:56 guenther Exp $ */ +/* $OpenBSD: setvbuf.c,v 1.15 2022/09/28 16:44:14 gnezdo Exp $ */ /*- * Copyright (c) 1990, 1993 * The Regents of the University of California. All rights reserved. @@ -31,6 +31,7 @@ * SUCH DAMAGE. */ +#include <limits.h> #include <stdio.h> #include <stdlib.h> #include "local.h" @@ -52,7 +53,7 @@ setvbuf(FILE *fp, char *buf, int mode, size_t size) * when setting _IONBF. */ if (mode != _IONBF) - if ((mode != _IOFBF && mode != _IOLBF) || (int)size < 0) + if ((mode != _IOFBF && mode != _IOLBF) || size > INT_MAX) return (EOF); /* |