[uClibc-cvs] uClibc/libc/stdlib atexit.c,1.22,1.23

Erik Andersen andersen at codepoet.org
Fri Jan 24 11:18:33 UTC 2003


Update of /var/cvs/uClibc/libc/stdlib
In directory winder:/tmp/cvs-serv18065/libc/stdlib

Modified Files:
	atexit.c 
Log Message:
Doh!  Fix potential stack corruption caused by dynamic atexit
allocating size incorrectly....
 -Erik


Index: atexit.c
===================================================================
RCS file: /var/cvs/uClibc/libc/stdlib/atexit.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- atexit.c	19 Nov 2002 07:08:31 -0000	1.22
+++ atexit.c	24 Jan 2003 11:18:29 -0000	1.23
@@ -96,12 +96,14 @@
 #ifdef __UCLIBC_DYNAMIC_ATEXIT__
 	/* If we are out of function table slots, make some more */
 	if (__exit_slots < __exit_count+1) {
-	    __exit_function_table=realloc(__exit_function_table, __exit_slots+20);
+	    __exit_function_table=realloc(__exit_function_table, 
+		    (__exit_slots+20)*sizeof(struct exit_function));
 	    if (__exit_function_table==NULL) {
 		UNLOCK;
 		__set_errno(ENOMEM);
 		return -1;
 	    }
+	    __exit_slots+=20;
 	}
 #else
 	if (__exit_count >= __UCLIBC_MAX_ATEXIT) {
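Review bot: A failed realloc() here still overwrites `__exit_function_table` with NULL, so the existing table is leaked and the handlers already registered become unreachable while `__exit_count` stays non-zero. The exit path presumably then indexes a NULL table, though that code is outside the hunk. Assign to a temporary first, `tmp=realloc(__exit_function_table, (__exit_slots+20)*sizeof(struct exit_function));`, test `tmp==NULL` in the error branch, then set `__exit_function_table=tmp;` before `__exit_slots+=20;`. The second hunk (-136/+138) repeats the same pattern and needs the same change. The enclosing function starts and ends outside the hunk.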
@@ -136,12 +138,14 @@
 #ifdef __UCLIBC_DYNAMIC_ATEXIT__
 	/* If we are out of function table slots, make some more */
 	if (__exit_slots < __exit_count+1) {
-	    __exit_function_table=realloc(__exit_function_table, __exit_slots+20);
+	    __exit_function_table=realloc(__exit_function_table, 
+		    (__exit_slots+20)*sizeof(struct exit_function));
 	    if (__exit_function_table==NULL) {
 		UNLOCK;
 		__set_errno(ENOMEM);
 		return -1;
 	    }
+	    __exit_slots+=20;
 	}
 #else
 	if (__exit_count >= __UCLIBC_MAX_ATEXIT) {
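Review bot: The growth step 20 is spelled out in both the size expression and `__exit_slots+=20;`, and the whole grow-the-table block is a copy of the one in the first hunk, so every sizing fix has to be made by hand in each place, as this commit does. A named constant such as `#define EXIT_SLOT_INCREMENT 20` (name constructed for this note), or a shared static helper called from both registration paths, would keep the allocation size and the slot count in step. A short comment above the realloc, `/* realloc takes bytes: slots * sizeof(struct exit_function) */`, would record why the multiplication is required. The enclosing function lies outside the hunk.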



