From bef7a85e45ccc4b40958ca6d94894ca0d27e8291 Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Mon, 16 Apr 2012 13:03:22 -0400
Subject: [PATCH] fix crash in wordfree if we_offs is not initialized by the caller

I'm not sure if it's legal for wordexp to modify this field, but this is the only easy/straightforward fix, and applications should not care. if it's an issue, i can work out a different (but more complex) solution later.
---
 src/misc/wordexp.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/misc/wordexp.c b/src/misc/wordexp.c
index 4a3efc7b..34fc900a 100644
--- a/src/misc/wordexp.c
+++ b/src/misc/wordexp.c
@@ -82,6 +82,8 @@ static int do_wordexp(const char *s, wordexp_t *we, int flags)
 if (we->we_offs > SIZE_MAX/sizeof(void *)/4) return WRDE_NOSPACE;
 i += we->we_offs;
+ } else {
+ we->we_offs = 0;
 }
 if (pipe(p) < 0) return WRDE_NOSPACE;
-- 
2.25.1
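Review bot: The new `else` branch writes to a caller-owned field for the benefit of code that is not in this hunk, and nothing at the site says so. A short comment such as `/* wordfree() reads we_offs even when WRDE_DOOFFS was not given, so normalize it here */` would keep a later cleanup from removing the branch. Judging by the subject line, wordfree() would otherwise use an uninitialized offset, which is a memory-safety problem rather than a cosmetic one, so the invariant deserves to be stated where it is established. The body of do_wordexp starts and ends outside the hunk, so it is not visible whether any return path ahead of this block leaves we_offs untouched. If one does, and callers can still reach wordfree() afterwards, that path would need the same normalization.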