On 02/08/2012 03:13 AM, Pádraig Brady wrote:
>> From d1f3998942236194f1894c45804ec947d07ed134 Mon Sep 17 00:00:00 2001
>> From: Eric Blake
>> Date: Sat, 4 Feb 2012 11:11:40 -0700
>> Subject: [PATCH] canonicalize: avoid uninitialized memory use
>>
>> When DOUBLE_SLASH_IS_DISTINCT_ROOT is non-zero, then we were
>> reading the contents of rpath[1] even when we had never written
>> anything there, which meant that "///" would usually canonicalize
>> to "/" but sometimes to "//" if a '/' was leftover in the heap.
>> This condition could also occur via 'ln -s / //some/path' and
>> canonicalizing //some/path, where we rewind rpath but do not
>> clear out the previous round. Platforms where "//" and "/" are
>> equivalent do not suffer from this read-beyond-written bounds.
>>
>
> Thanks for handling this Eric.

No problem.

> I was wondering if you had seen this and what overlap there is?
> http://lists.gnu.org/archive/html/bug-gnulib/2012-01/msg00253.html

I saw it go by, but never looked at it closely. I guess it's time to
revive that thread, although it may need rebasing now.

-- 
Eric Blake eblake@redhat.com +1-919-301-3266
Libvirt virtualization library http://libvirt.org
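Added example, not code from the gnulib patch or from this thread: a hypothetical, simplified slash-collapsing canonicalizer (no symlink or ".." handling) that decides whether the output starts with the distinct "//" root from the input and records it in a flag, instead of reading rpath[1] before anything has been written there, so "///" yields "/" even when the buffer still holds leftover '/' bytes from a previous round.

```c
#include <stdio.h>
#include <string.h>

/* Stand-in for the gnulib configuration macro; 1 models a platform
   where "//" is a root distinct from "/" (assumed value). */
enum { DOUBLE_SLASH_IS_DISTINCT_ROOT = 1 };

/* Collapse repeated slashes in absolute path NAME into RPATH (RSIZE bytes).
   Returns RPATH, or NULL if NAME is not absolute or does not fit. */
char *collapse_slashes(const char *name, char *rpath, size_t rsize)
{
    size_t len = 0;
    int double_root = 0;
    const char *p = name;

    if (rsize < 2 || *name != '/')
        return NULL;

    /* Exactly two leading slashes may be a distinct root; three or more
       are plain "/".  Decide from NAME, never from stale RPATH contents. */
    if (DOUBLE_SLASH_IS_DISTINCT_ROOT && name[1] == '/' && name[2] != '/')
        double_root = 1;

    rpath[len++] = '/';
    if (double_root)
        rpath[len++] = '/';

    while (*p == '/')            /* skip all leading slashes */
        p++;
    for (; *p; p++) {
        if (*p == '/') {
            if (rpath[len - 1] == '/')
                continue;        /* collapse "a//b" to "a/b" */
        }
        if (len + 1 >= rsize)    /* keep room for the terminator */
            return NULL;
        rpath[len++] = *p;
    }
    /* Drop a trailing slash unless the result is just "/" or "//". */
    if (len > 1 && rpath[len - 1] == '/' && !(double_root && len == 2))
        len--;
    rpath[len] = '\0';
    return rpath;
}

int main(void)
{
    char buf[64];
    memset(buf, '/', sizeof buf);          /* simulate leftover heap bytes */
    printf("%s\n", collapse_slashes("///", buf, sizeof buf));        /* "/" */
    printf("%s\n", collapse_slashes("//some/path", buf, sizeof buf)); /* "//some/path" */
    return 0;
}
```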