On 9/28/22 17:51, Tee KOBAYASHI wrote:
> On 32-bit Android fpos_t becomes a 64-bit type when large-file support
> is enabled, whereas _offset remains 32-bit. Out-of-bounds read/write
> could happen when _offset field is accessed in this situation.

Thanks for the bug report, but does this actually fix the bug? In recent Android, _offset is documented to not work; android/platform_bionic/libc/stdio/local.h line 101 says "fpos_t _unused_0; // This was the `_offset` field (see below)."

There is a similar issue with DragonFly's _offset field.
