[uClibc-cvs] uClibc/libc/stdlib atexit.c,1.22,1.23
Erik Andersen
andersen at codepoet.org
Fri Jan 24 11:18:33 UTC 2003
Update of /var/cvs/uClibc/libc/stdlib
In directory winder:/tmp/cvs-serv18065/libc/stdlib
Modified Files:
atexit.c
Log Message:
Doh! Fix potential stack corruption caused by dynamic atexit
allocating size incorrectly....
-Erik
Index: atexit.c
===================================================================
RCS file: /var/cvs/uClibc/libc/stdlib/atexit.c,v
retrieving revision 1.22
retrieving revision 1.23
diff -u -d -r1.22 -r1.23
--- atexit.c 19 Nov 2002 07:08:31 -0000 1.22
+++ atexit.c 24 Jan 2003 11:18:29 -0000 1.23
@@ -96,12 +96,14 @@
#ifdef __UCLIBC_DYNAMIC_ATEXIT__
/* If we are out of function table slots, make some more */
if (__exit_slots < __exit_count+1) {
- __exit_function_table=realloc(__exit_function_table, __exit_slots+20);
+ __exit_function_table=realloc(__exit_function_table,
+ (__exit_slots+20)*sizeof(struct exit_function));
if (__exit_function_table==NULL) {
UNLOCK;
__set_errno(ENOMEM);
return -1;
}
+ __exit_slots+=20;
}
#else
if (__exit_count >= __UCLIBC_MAX_ATEXIT) {
@@ -136,12 +138,14 @@
#ifdef __UCLIBC_DYNAMIC_ATEXIT__
/* If we are out of function table slots, make some more */
if (__exit_slots < __exit_count+1) {
- __exit_function_table=realloc(__exit_function_table, __exit_slots+20);
+ __exit_function_table=realloc(__exit_function_table,
+ (__exit_slots+20)*sizeof(struct exit_function));
if (__exit_function_table==NULL) {
UNLOCK;
__set_errno(ENOMEM);
return -1;
}
+ __exit_slots+=20;
}
#else
if (__exit_count >= __UCLIBC_MAX_ATEXIT) {
More information about the uClibc-cvs
mailing list