commit
01ae3fc6d48f4a45535189b7a6db286535af08ca modified fstatat to
translate the kernel's struct stat ("kstat") into the libc struct stat.
To do this, it created a local kstat object, and copied its contents
into the user-provided object.
However, the commit neglected to update the fstat compatibility path and
its fallbacks. They continued to pass the user-supplied object to the
kernel, later overwriting it with the uninitialized memory in the local
temporary.
struct kstat kst;
if (flag==AT_EMPTY_PATH && fd>=0 && !*path) {
struct kstat kst;
if (flag==AT_EMPTY_PATH && fd>=0 && !*path) {
- ret = __syscall(SYS_fstat, fd, st);
+ ret = __syscall(SYS_fstat, fd, &kst);
if (ret==-EBADF && __syscall(SYS_fcntl, fd, F_GETFD)>=0) {
if (ret==-EBADF && __syscall(SYS_fcntl, fd, F_GETFD)>=0) {
- ret = __syscall(SYS_fstatat, fd, path, st, flag);
+ ret = __syscall(SYS_fstatat, fd, path, &kst, flag);
if (ret==-EINVAL) {
char buf[15+3*sizeof(int)];
__procfdname(buf, fd);
#ifdef SYS_stat
if (ret==-EINVAL) {
char buf[15+3*sizeof(int)];
__procfdname(buf, fd);
#ifdef SYS_stat
- ret = __syscall(SYS_stat, buf, st);
+ ret = __syscall(SYS_stat, buf, &kst);
- ret = __syscall(SYS_fstatat, AT_FDCWD, buf, st, 0);
+ ret = __syscall(SYS_fstatat, AT_FDCWD, buf, &kst, 0);
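Review bot: Nothing at the `struct kstat kst;` declaration records the invariant this fix restores, so a later fallback could pass `st` to the kernel again without anyone noticing. The commit message says the user's object is filled from the local one after the syscalls (that copy lies outside the lines shown, as do the start and end of the function), so any stat-family call that writes elsewhere leaves `kst` unset and hands the caller stale stack bytes. I would add above the declaration `/* every stat syscall below must target &kst; st is filled from kst after the calls */`. A regression test that calls fstatat with AT_EMPTY_PATH on an open descriptor and compares the result with a path-based stat of the same file would catch a recurrence on all three fallback paths.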