When read() returns with ERROR, local_bufused will be set to -1; if we return with local_bufused == -1 left in place, then the next time we call getc_with_restart(), the condition (local_index == local_bufused || local_bufused == 0) will not match, so we get random data from localbuf[] with local_index increased each time, and eventually we may access data beyond the array localbuf[]. Fix it by resetting local_index and local_bufused in case of read failure.
Signed-off-by: Yong Zhang <yong.zh...@windriver.com> --- Please Cc me because I'm not subscribing this list. input.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/input.c b/input.c index 2731e29..8362068 100644 --- a/input.c +++ b/input.c @@ -92,6 +92,8 @@ getc_with_restart (stream) if (sh_unset_nodelay_mode (fileno (stream)) < 0) { sys_error (_("cannot reset nodelay mode for fd %d"), fileno (stream)); + local_index = 0; + local_bufused = 0; return EOF; } continue; @@ -99,6 +101,7 @@ getc_with_restart (stream) else if (local_bufused == 0 || errno != EINTR) { local_index = 0; + local_bufused = 0; return EOF; } } -- 1.8.2.1
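Review bot: In the first hunk (the sh_unset_nodelay_mode failure branch), the two added resets carry no comment saying that local_bufused is -1 at this point after the failed read(), so a later cleanup could take them for redundant and drop them. A one-line comment above `local_index = 0;` would help. The same reset pair now appears in both EOF return paths of this patch, so consider doing it once in a shared place (a small helper or a common exit) so the two paths cannot drift apart.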
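Review bot: In the second hunk, the reset only runs when `local_bufused == 0 || errno != EINTR` holds, so a read() that fails with errno == EINTR skips this branch while local_bufused is still -1. The visible context does not show what follows the closing brace; please confirm that path always loops back to read() before anything indexes localbuf[], or reset local_bufused there as well. It would also be worth a short comment on `local_bufused = 0;` noting that it deliberately makes a read error look like an empty buffer, so the next call retries read() instead of reading past the end of the array.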