local-qsort-memory-corruption

author GNU Libc Maintainers <debian-glibc@lists.debian.org>

Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)

committer Sean Whitton <spwhitton@spwhitton.name>

Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)
author GNU Libc Maintainers <debian-glibc@lists.debian.org>
Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)
committer Sean Whitton <spwhitton@spwhitton.name>
Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)
diff --git a/stdlib/qsort.c b/stdlib/qsort.c

index 4f78bf515df20f158838c06250be28b898df74ed..7928b60694ed4de32545081751f61c14a4558a14 100644 (file)
--- a/stdlib/qsort.c
+++ b/stdlib/qsort.c
@@ -225,7 +225,8 @@ _quicksort (void *const pbase, size_t total_elems, size_t size,
      while ((run_ptr += size) <= end_ptr)
        {
         tmp_ptr = run_ptr - size;
-       while ((*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
+       while (tmp_ptr != base_ptr
+              && (*cmp) ((void *) run_ptr, (void *) tmp_ptr, arg) < 0)
           tmp_ptr -= size;
  
         tmp_ptr += size;
author	GNU Libc Maintainers <debian-glibc@lists.debian.org>
	Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)
committer	Sean Whitton <spwhitton@spwhitton.name>
	Tue, 27 May 2025 10:40:04 +0000 (11:40 +0100)