stdio-common: Fix overflow registering modifier [BZ #34086]

* stdio-common/reg-modifier.c: The wchar in str can be greater or equal
than 0, and less or equal than UCHAR_MAX, that means, we need a buffer
with UCHAR_MAX + 1 elements, so that user input will not overflow
__printf_modifier_table.

Signed-off-by: Rocket Ma <marocketbd@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>

diff --git a/stdio-common/reg-modifier.c b/stdio-common/reg-modifier.c
index 60d0521527a36beaac2b2b0c967bd07c28ae0973..367f482bd5af99d89a03ba91431c2a6ed273a086 100644 (file)
--- a/stdio-common/reg-modifier.c
+++ b/stdio-common/reg-modifier.c
@@ -66,7 +66,7 @@ __register_printf_modifier (const wchar_t *str)
 
   if (__printf_modifier_table == NULL)
     {
-      __printf_modifier_table = calloc (UCHAR_MAX,
+      __printf_modifier_table = calloc (UCHAR_MAX + 1,
                                        sizeof (*__printf_modifier_table));
       if (__printf_modifier_table == NULL)
        goto out;