From 25ca306958f47d2bcf719496b52d5b1d9d9571c2 Mon Sep 17 00:00:00 2001
From: delphij <delphij@FreeBSD.org>
Date: Wed, 10 Dec 2014 08:24:02 +0000
Subject: MFC r275665:

Fix buffer overflow in stdio.

Security:	FreeBSD-SA-14:27.stdio
Security:	CVE-2014-8611
---
 lib/libc/stdio/fflush.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'lib')

diff --git a/lib/libc/stdio/fflush.c b/lib/libc/stdio/fflush.c
index ef9b45b..123167a 100644
--- a/lib/libc/stdio/fflush.c
+++ b/lib/libc/stdio/fflush.c
@@ -124,11 +124,13 @@ __sflush(FILE *fp)
 		t = _swrite(fp, (char *)p, n);
 		if (t <= 0) {
 			/* Reset _p and _w. */
-			if (p > fp->_p)	/* Some was written. */
+			if (p > fp->_p) {
+				/* Some was written. */
 				memmove(fp->_p, p, n);
-			fp->_p += n;
-			if ((fp->_flags & (__SLBF | __SNBF)) == 0)
-				fp->_w -= n;
+				fp->_p += n;
+				if ((fp->_flags & (__SLBF | __SNBF)) == 0)
+					fp->_w -= n;
+			}
 			fp->_flags |= __SERR;
 			return (EOF);
 		}
-- 
cgit v1.1