From 6b87e941f932a93120383de33f5237395fc1354a Mon Sep 17 00:00:00 2001
From: Rich Felker
Date: Wed, 6 Apr 2011 12:35:05 -0400
Subject: [PATCH] fix completely bogus loop condition in getmntent_r somehow this worked on my simple fstab, but horribly broke in general, leading to use of uninitialized offset array and crashes.
---
 src/linux/mntent.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/linux/mntent.c b/src/linux/mntent.c
index 26d045c2..48c85bd6 100644
--- a/src/linux/mntent.c
+++ b/src/linux/mntent.c
@@ -26,7 +26,7 @@ struct mntent *getmntent_r(FILE *f, struct mntent *mnt, char *linebuf, int bufle
 cnt = sscanf(linebuf, " %n%*s%n %n%*s%n %n%*s%n %n%*s%n %d %d", n, n+1, n+2, n+3, n+4, n+5, n+6, n+7, &mnt->mnt_freq, &mnt->mnt_passno);
- } while (cnt >= 8 && linebuf[n[0]] != '#');
+ } while (cnt < 2 || linebuf[n[0]] == '#');
 linebuf[n[1]] = 0;
 linebuf[n[3]] = 0;
--
GitLab
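Review bot: The new condition `cnt < 2 || linebuf[n[0]] == '#'` treats any line without both numeric fields as unusable, so an entry that omits the trailing freq/passno columns (which fstab(5) permits) is skipped silently instead of being returned with zeros; a caller that walks the mount table to check mount options would never see that entry. The guard itself is sound for memory safety: `%n` and `%*s` are not counted in sscanf's return value, so `cnt == 2` is reached only after all eight offsets in `n[]` have been stored, and the `||` keeps `n[0]` from being read otherwise. That reasoning is not obvious from the code and is what the old `cnt >= 8` test got wrong, so I would add `/* %n and %*s are not counted; cnt == 2 means n[0..7] are all set */` above the `while`. Accepting four-field lines would need `n[]` preset to a sentinel before the sscanf call so the offsets can be tested instead of `cnt`; the loop body starts outside this hunk, so that part is not visible here.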