local-qsort-memory-corruption

author GNU Libc Maintainers <debian-glibc@lists.debian.org>

Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)

committer Aurelien Jarno <aurel32@debian.org>

Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)
author GNU Libc Maintainers <debian-glibc@lists.debian.org>
Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)
committer Aurelien Jarno <aurel32@debian.org>
Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)
diff --git a/stdlib/qsort.c b/stdlib/qsort.c

index 728a0ed370e00a76bdd22c3317a75b9be6736f48..b11ad3a87101f242f59656acb35d6d54e1f5253e 100644 (file)
--- a/stdlib/qsort.c
+++ b/stdlib/qsort.c
@@ -224,7 +224,8 @@ _quicksort (void *const pbase, size_t total_elems, size_t size,
      while ((run_ptr += size) <= end_ptr)
        {
         tmp_ptr = run_ptr - size;
-       while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
+       while (tmp_ptr != base_ptr
+              && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
           tmp_ptr -= size;
  
         tmp_ptr += size;
author	GNU Libc Maintainers <debian-glibc@lists.debian.org>
	Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)
committer	Aurelien Jarno <aurel32@debian.org>
	Wed, 31 Jan 2024 20:45:37 +0000 (21:45 +0100)