From: H.J. Lu <hjl.tools@gmail.com>
Date: Sat, 25 May 2024 12:13:41 +0000 (-0700)
Subject: parse_fdinfo: Don't advance pointer twice [BZ #31798]
X-Git-Tag: glibc-2.40~158
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f981bf6b9db87e0732b46bfe92fdad4d363225e8;p=thirdparty%2Fglibc.git

parse_fdinfo: Don't advance pointer twice [BZ #31798]

pidfd_getpid.c has

      /* Ignore invalid large values.  */
      if (INT_MULTIPLY_WRAPV (10, n, &n)
          || INT_ADD_WRAPV (n, *l++ - '0', &n))
        return -1;

For GCC older than GCC 7, INT_ADD_WRAPV(a, b, r) is defined as

   _GL_INT_OP_WRAPV (a, b, r, +, _GL_INT_ADD_RANGE_OVERFLOW)

and *l++ - '0' is evaluated twice.  Fix BZ #31798 by moving "l++" out of
the if statement.  Tested with GCC 6.4 and GCC 14.1.

Signed-off-by: H.J. Lu <hjl.tools@gmail.com>
Reviewed-by: Adhemerval Zanella  <adhemerval.zanella@linaro.org>
---

diff --git a/sysdeps/unix/sysv/linux/pidfd_getpid.c b/sysdeps/unix/sysv/linux/pidfd_getpid.c
index ebcbe8fdf6..6967477fab 100644
--- a/sysdeps/unix/sysv/linux/pidfd_getpid.c
+++ b/sysdeps/unix/sysv/linux/pidfd_getpid.c
@@ -74,8 +74,10 @@ parse_fdinfo (const char *l, void *arg)
 
       /* Ignore invalid large values.  */
       if (INT_MULTIPLY_WRAPV (10, n, &n)
-          || INT_ADD_WRAPV (n, *l++ - '0', &n))
+          || INT_ADD_WRAPV (n, *l - '0', &n))
         return -1;
+
+      l++;
     }
 
   /* -1 indicates that the process is terminated.  */