regex: fix uninitialized memory access
[glibc.git] / debug / strncat_chk.c
blobc5283e58b38b27714e3a91d8074cad7f52368a1e
1 /* Copyright (C) 1991-2018 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
4 The GNU C Library is free software; you can redistribute it and/or
5 modify it under the terms of the GNU Lesser General Public
6 License as published by the Free Software Foundation; either
7 version 2.1 of the License, or (at your option) any later version.
9 The GNU C Library is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 Lesser General Public License for more details.
14 You should have received a copy of the GNU Lesser General Public
15 License along with the GNU C Library; if not, see
16 <http://www.gnu.org/licenses/>. */
18 #include <string.h>
20 #include <memcopy.h>
23 char *
24 __strncat_chk (char *s1, const char *s2, size_t n, size_t s1len)
26 char c;
27 char *s = s1;
29 /* Find the end of S1. */
32 if (__glibc_unlikely (s1len-- == 0))
33 __chk_fail ();
34 c = *s1++;
36 while (c != '\0');
38 /* Make S1 point before next character, so we can increment
39 it while memory is read (wins on pipelined cpus). */
40 ++s1len;
41 s1 -= 2;
43 if (n >= 4)
45 size_t n4 = n >> 2;
48 if (__glibc_unlikely (s1len-- == 0))
49 __chk_fail ();
50 c = *s2++;
51 *++s1 = c;
52 if (c == '\0')
53 return s;
54 if (__glibc_unlikely (s1len-- == 0))
55 __chk_fail ();
56 c = *s2++;
57 *++s1 = c;
58 if (c == '\0')
59 return s;
60 if (__glibc_unlikely (s1len-- == 0))
61 __chk_fail ();
62 c = *s2++;
63 *++s1 = c;
64 if (c == '\0')
65 return s;
66 if (__glibc_unlikely (s1len-- == 0))
67 __chk_fail ();
68 c = *s2++;
69 *++s1 = c;
70 if (c == '\0')
71 return s;
72 } while (--n4 > 0);
73 n &= 3;
76 while (n > 0)
78 if (__glibc_unlikely (s1len-- == 0))
79 __chk_fail ();
80 c = *s2++;
81 *++s1 = c;
82 if (c == '\0')
83 return s;
84 n--;
87 if (c != '\0')
89 if (__glibc_unlikely (s1len-- == 0))
90 __chk_fail ();
91 *++s1 = '\0';
94 return s;