fix off-by-one in bounds check in fpathconf
authorRich Felker <dalias@aerifal.cx>
Fri, 5 Sep 2014 18:01:13 +0000 (14:01 -0400)
committerRich Felker <dalias@aerifal.cx>
Mon, 30 Mar 2015 05:15:44 +0000 (01:15 -0400)
this error resulted in an out-of-bounds read, as opposed to a reported
error, when calling the function with an argument one greater than the
max valid index.

(cherry picked from commit 3bed89aa7456d9fe30e550cb5e21f8911036695b)

src/conf/fpathconf.c

index 28c4345c2e9888333449b35ce3bc03dc966fe27e..8eb037e6b1173c155efb8f9d1f931703d8851d1b 100644 (file)
@@ -27,7 +27,7 @@ long fpathconf(int fd, int name)
                [_PC_SYMLINK_MAX] = SYMLINK_MAX,
                [_PC_2_SYMLINKS] = 1
        };
-       if (name > sizeof(values)/sizeof(values[0])) {
+       if (name >= sizeof(values)/sizeof(values[0])) {
                errno = EINVAL;
                return -1;
        }