From 7208a313b93a42e3cef61c4249a59b4b32a5850b Mon Sep 17 00:00:00 2001 From: Carlos O'Donell Date: Sat, 6 Apr 2013 17:00:02 -0400 Subject: [PATCH] dl_open_worker: Memset all of seen array. The seen array was doubled in size recently, but the memset to clear the array was not adjusted. We adjust the memset to always be correct regardless of the size of seen. --- 2013-04-06 Carlos O'Donell [BZ #15309] * elf/dl-open.c (dl_open_worker): memset all of seen array. --- ChangeLog | 5 +++++ NEWS | 3 ++- elf/dl-open.c | 2 +- 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index dbb7af5b84..197ea247ad 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +2013-04-06 Carlos O'Donell + + [BZ #15309] + * elf/dl-open.c (dl_open_worker): memset all of seen array. + 2013-04-06 Marko Myllynen [BZ #15264] diff --git a/NEWS b/NEWS index e5c8c864d3..5644a59a75 100644 --- a/NEWS +++ b/NEWS @@ -13,7 +13,8 @@ Version 2.18 14176, 14200, 14317, 14327, 14478, 14496, 14686, 14812, 14920, 14964, 14981, 14982, 14985, 14994, 14996, 15003, 15006, 15020, 15023, 15036, 15054, 15055, 15062, 15078, 15160, 15214, 15232, 15234, 15283, 15285, - 15287, 15304, 15305, 15307, 15327, 15330, 15335, 15336, 15337, 15342. + 15287, 15304, 15305, 15307, 15309, 15327, 15330, 15335, 15336, 15337, + 15342. * CVE-2013-0242 Buffer overrun in regexp matcher has been fixed (Bugzilla #15078). diff --git a/elf/dl-open.c b/elf/dl-open.c index 201d95d1be..9ff5f5736d 100644 --- a/elf/dl-open.c +++ b/elf/dl-open.c @@ -344,7 +344,7 @@ dl_open_worker (void *a) if (nmaps > 1) { uint16_t seen[nmaps]; - memset (seen, '\0', nmaps); + memset (seen, '\0', sizeof (seen)); size_t i = 0; while (1) {