sergiotarxz/nuttx
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

stdio/lib_libfread: Fix buffer overflow issue

Browse Source 
If the gulp size in the stdio buffer the remaining user buffer size it will:
- Corrupt memory in dest (user memory) and
- Keep corrupting KERNEL memory via the stdio character buffer until the
  whole system crashes, as the 'remaining' count underflows

This patch fixes this behavior.
This commit is contained in:
Ville Juven 2023-09-13 13:12:20 +03:00 committed by Xiang Xiao
parent 7a9d3c03e4
commit c178fa3260
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
libs/libc/stdio/lib_libfread_unlocked.c
View File

@ -126,11 +126,11 @@ ssize_t lib_fread_unlocked(FAR void *ptr, size_t count, FAR FILE *stream)
if (gulp_size > 0)
{
if (gulp_size > count)
if (gulp_size > remaining)
{
/* Clip the gulp size to the requested byte count */
gulp_size = count;
gulp_size = remaining;
}
memcpy(dest, stream->fs_bufpos, gulp_size);