Hi, while reading some more udev source, I noticed a potential out of bounds array access in util_create_path(), untested fix below. Florian diff --git a/libudev/libudev-util-private.c b/libudev/libudev-util-private.c index 28008c5..15fac7c 100644 --- a/libudev/libudev-util-private.c +++ b/libudev/libudev-util-private.c @@ -34,11 +34,13 @@ int util_create_path(struct udev *udev, const char *path) util_strscpy(p, sizeof(p), path); pos = strrchr(p, '/'); - if (pos == p || pos == NULL) + if (pos == NULL) return 0; - - while (pos[-1] == '/') + while (pos != p && pos[-1] == '/') pos--; + if (pos == p) + return 0; + pos[0] = '\0'; dbg(udev, "stat '%s'\n", p); -- To unsubscribe from this list: send the line "unsubscribe linux-hotplug" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
