Skip to content

GitLab

  • Menu
Projects Groups Snippets
    • Loading...
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • gcompat gcompat
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 7
    • Issues 7
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 5
    • Merge requests 5
  • Deployments
    • Deployments
    • Releases
  • Activity
  • Graph
  • Create a new issue
  • Commits
  • Issue Boards
Collapse sidebar
  • Adélie Linux
  • gcompatgcompat
  • Merge requests
  • !16

Open
Created Feb 20, 2022 by George Matsumura@GorgContributor
  • Report abuse
Report abuse

random_r: fix null dereference when passed uninitialized buf

  • Overview 0
  • Commits 1
  • Changes 1

Previously, initstate_r would attempt to pack the n, i, and j values into the state array pointed to by the x member value of buf, which would cause access to an invalid region of memory when buf was uninitialized. However, packing the values into the state array was required when buf was initialized, as otherwise the values of n, i, and j would not be saved. Critically, initstate_r had no means by which to distinguish between an uninitialized and initialized buf struct.

This change makes the random_r and srandom_r do the packing and unpacking of the n, i, and j values instead. This does lead to a somewhat more inefficient algorithm, but preserves compatibility in case setstate_r is passed a state array that was initialized with the normal initstate function.

Thank you for your time in looking at this.

Signed-off-by: George Matsumura gm960420@ohio.edu

Assignee
Assign to
Reviewer
Request review from
Time tracking
Source branch: current