Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CACepeQ8pdKRB5UW-CuVXVjhsk4av-V+zQdFwpU1+9fT_LCK2dg@mail.gmail.com>
Date: Wed, 14 Feb 2018 16:24:16 -0200
From: Geraldo Netto <geraldonetto@...il.com>
To: musl@...ts.openwall.com
Subject: fwrite() - possible division by zero

Dear Friends,

I was playing with musl and I think I may have found an issue on fwrite():

This is the original code:

size_t fwrite(const void *restrict src, size_t size, size_t nmemb,
FILE *restrict f)
{
    size_t k, l = size*nmemb;
    if (!size) nmemb = 0;
    FLOCK(f);
    k = __fwritex(src, l, f);
    FUNLOCK(f);
    return k==l ? nmemb : k/size;
}


It seems we need to check the variable size on return because if size is zero
We'll have a division by zero and a segmentation fault

I'm sending the attached patch that changes the return as follows:

return k==l ? nmemb : (size != 0) ? k/size : k;


I don't know if this is the correct approach, so, feel free to
change/let me know how to fix :)
Hope it helps


Kind Regards,

Geraldo Netto
Sapere Aude => Non dvcor, dvco
http://exdev.sf.net/

Download attachment "0001-fwrite-avoid-segmentation-fault-when-size-0.patch" of type "application/octet-stream" (774 bytes)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.