fix invalid access by openat to possibly-missing variadic mode argument

the mode argument is only required to be present when the O_CREAT or
O_TMPFILE flag is used.

(cherry picked from commit 2da3ab1382ca8e39eb1e4428103764a81fba73d3)

diff --git a/src/fcntl/openat.c b/src/fcntl/openat.c
index 634c4bf3cd6e4ade40c2353bd3bec7e65480c81c..4faeb29613ab5e0a5a45bdcba5bd059260bebfd1 100644 (file)
--- a/src/fcntl/openat.c
+++ b/src/fcntl/openat.c
@@ -6,10 +6,14 @@
 int openat(int fd, const char *filename, int flags, ...)
 {
        mode_t mode;
-       va_list ap;
-       va_start(ap, flags);
-       mode = va_arg(ap, mode_t);
-       va_end(ap);
+
+       if ((flags & O_CREAT) || (flags & O_TMPFILE) == O_TMPFILE) {
+               va_list ap;
+               va_start(ap, flags);
+               mode = va_arg(ap, mode_t);
+               va_end(ap);
+       }
+
        return syscall_cp(SYS_openat, fd, filename, flags|O_LARGEFILE, mode);
 }