bug-make
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug #36641] Crash when using ridiculously large target names

From: Rob Walker
Subject: Re: [bug #36641] Crash when using ridiculously large target names
Date: Tue, 12 Jun 2012 12:53:10 -0700
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 
On 6/12/12 10:16 AM, anonymous wrote:
> URL:
>   <http://savannah.gnu.org/bugs/?36641>
>
>                  Summary: Crash when using ridiculously large target names
>                  Project: make
>             Submitted by: None
>             Submitted on: Tue 12 Jun 2012 05:16:49 PM UTC
>                 Severity: 3 - Normal
>               Item Group: Bug
>                   Status: None
>                  Privacy: Public
>              Assigned to: None
>              Open/Closed: Open
>          Discussion Lock: Any
>        Component Version: 3.82
>         Operating System: Any
>            Fixed Release: None
>            Triage Status: None
>
>     _______________________________________________________
>
> Details:
>
> If the stem len is bigger than PATH_MAX, it results in a buffer over run:
>
> 455a456
>>         unsigned int stemlen_copy;
> 494,495c495,497
> <           strncpy (stem_str, stem, stemlen);
> <           stem_str[stemlen] = '\0';
> ---
>>           stemlen_copy = stemlen > sizeof(stem_str) ? sizeof(stem_str) :
> stemlen;
>>           strncpy (stem_str, stem, stemlen_copy);
>>           stem_str[stemlen_copy] = '\0';

The proposed patch has yet another buffer overrun, off by one.

-Rob
reply via email to
[Prev in Thread] Current Thread [Next in Thread]