[PATCH nptl] Fix memory overwrite bug in pthread_attr_getaffinity().

Chris Metcalf cmetcalf at tilera.com
Mon Jan 11 13:12:04 UTC 2010


If the caller requests fewer bytes of cpu_set_t data than are
available from the system, the code will still copy all of the
system's data to the user, overwriting additional memory.

Signed-off-by: Chris Metcalf <cmetcalf at tilera.com>
---
 .../unix/sysv/linux/pthread_attr_getaffinity.c     |    8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diff --git a/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c b/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
index 5a3d418..376eac8 100644
--- a/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
+++ b/libpthread/nptl/sysdeps/unix/sysv/linux/pthread_attr_getaffinity.c
@@ -43,9 +43,15 @@ __pthread_attr_getaffinity_new (const pthread_attr_t *attr, size_t cpusetsize,
 	if (((char *) iattr->cpuset)[cnt] != 0)
 	  return EINVAL;
 
-      void *p = mempcpy (cpuset, iattr->cpuset, iattr->cpusetsize);
       if (cpusetsize > iattr->cpusetsize)
+      {
+	void *p = mempcpy (cpuset, iattr->cpuset, iattr->cpusetsize);
 	memset (p, '\0', cpusetsize - iattr->cpusetsize);
+      }
+      else
+      {
+	memcpy (cpuset, iattr->cpuset, cpusetsize);
+      }
     }
   else
     /* We have no information.  */
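Review bot: the new else branch, `memcpy (cpuset, iattr->cpuset, cpusetsize);`, silently truncates the stored set when the caller's buffer is smaller, and nothing in the hunk says why that is acceptable. Its correctness appears to rest on the `return EINVAL` check in the context lines directly above, which rejects a stored set with non-zero bytes (the loop bounds for `cnt` are not visible here), so a one-line comment in the else branch stating that dependency would help the next reader. The two branches could also be folded into a single copy of the smaller of `cpusetsize` and `iattr->cpusetsize`, followed by the existing `memset` only when `cpusetsize` is larger, which avoids duplicating the copy call. Style: the added braces sit in the same column as the `if`, whereas the enclosing block visible in the context lines indents its closing brace two columns from its `else`, and the braces around the single-statement else are unnecessary.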
-- 
1.6.5.2


