From: Paul Eggert
Subject: Re: [PATCH] stdio-impl.h: Fix type of _offset field for Android
Date: Wed, 28 Sep 2022 18:57:17 -0700
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.3.0
On 9/28/22 17:51, Tee KOBAYASHI wrote:
> On 32-bit Android fpos_t becomes a 64-bit type when large-file support is enabled, whereas _offset remains 32-bit. Out-of-bounds read/write could happen when _offset field is accessed in this situation.
Thanks for the bug report, but does this actually fix the bug? In recent Android, _offset is documented to not work; android/platform_bionic/libc/stdio/local.h line 101 says "fpos_t _unused_0; // This was the `_offset` field (see below)."
There is a similar issue with DragonFly's _offset field.
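
The width mismatch described in the quoted report, as an added example that is not code from gnulib, bionic, or either poster. The struct names, the `neighbour` field and the function names are hypothetical stand-ins, and the 64-bit store is emulated with `memcpy` so the demonstration stays within defined behaviour.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the C library's real stream layout:
   the offset slot is only 32 bits wide. */
struct real_file {
    int32_t offset;     /* plays the role of the 32-bit _offset */
    int32_t neighbour;  /* whatever field happens to follow it */
};

/* Hypothetical stand-in for a mirror declaration that types the
   same slot as a 64-bit fpos_t. */
struct mirror_file {
    int64_t offset;
};

/* Bytes a store through the mirror type writes past the real slot. */
size_t overrun_bytes(void) {
    return sizeof(((struct mirror_file *)0)->offset)
         - sizeof(((struct real_file *)0)->offset);
}

/* Emulate the 64-bit store: 8 bytes land on a 4-byte slot and spill
   into the adjacent field. Returns 1 if the neighbour was changed. */
int store_clobbers_neighbour(void) {
    struct real_file f = { 0, 0x11223344 };
    int64_t pos = -1;   /* all bits set, so byte order does not matter */
    memcpy((char *)&f + offsetof(struct real_file, offset), &pos, sizeof pos);
    return f.neighbour != 0x11223344;
}

/* The check a mirror header can carry. In real code this comparison
   belongs in a _Static_assert so a mismatch fails the build; it is a
   function here so the mismatch can be observed at run time. */
int widths_agree(void) {
    return sizeof(((struct mirror_file *)0)->offset)
        == sizeof(((struct real_file *)0)->offset);
}

int main(void) {
    printf("overrun: %zu bytes, neighbour clobbered: %d, widths agree: %d\n",
           overrun_bytes(), store_clobbers_neighbour(), widths_agree());
    return 0;
}
```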