bin/74368: Bug in archive code (string is truncated)
Max Okumoto
okumoto at ucsd.edu
Thu Nov 25 03:50:26 PST 2004
>Number: 74368
>Category: bin
>Synopsis: Bug in archive code (string is truncated)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Nov 25 11:50:25 GMT 2004
>Closed-Date:
>Last-Modified:
>Originator: Max Okumoto
>Release: 5.2.1
>Organization:
Univ Calif San Diego
>Environment:
FreeBSD oecpc11.ucsd.edu 5.2.1-RELEASE-p12 FreeBSD 5.2.1-RELEASE-p12 #0: Thu Nov 25 01:31:26 PST 2004 root at oecpc11.ucsd.edu:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Date: 2004/11/14 20:13:12
Author: dillon
Log:
Fix an inverted conditional which could lead to nameBuf being truncated in the later snprintf().
Noticed-by: Max Okumoto <okumoto at home>
Members:
arch.c:1.11->1.12
>How-To-Repeat:
>Fix:
Apply patch.
diff -ru fbsd-src/make/arch.c dfly-src/make/arch.c
--- arch.c Mon Nov 15 20:39:53 2004
+++ arch.c Mon Nov 15 20:39:56 2004
@@ -341,15 +339,17 @@
char *member;
size_t sz = MAXPATHLEN;
size_t nsz;
+
nameBuf = emalloc(sz);
Dir_Expand(memName, dirSearchPath, members);
while (!Lst_IsEmpty(members)) {
member = (char *)Lst_DeQueue(members);
- nsz = strlen(libName) + strlen(member) + 3;
- if (sz > nsz)
- nameBuf = erealloc(nameBuf, sz = nsz * 2);
-
+ nsz = strlen(libName) + strlen(member) + 3; /* 3 = ()+\0 */
+ if (sz < nsz) {
+ sz = nsz * 2;
+ nameBuf = erealloc(nameBuf, sz);
+ }
snprintf(nameBuf, sz, "%s(%s)", libName, member);
free(member);
gn = Targ_FindNode (nameBuf, TARG_CREATE);
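Review bot: the `snprintf(nameBuf, sz, "%s(%s)", libName, member)` call that follows the new `if (sz < nsz)` block still discards its return value, so any future mismatch between the `+ 3` size computation and the format string would again truncate the name silently before it reaches `Targ_FindNode`. Consider checking that the return value is less than `sz` and treating anything else as a fatal error. The growth step `sz = nsz * 2` is also unchecked `size_t` arithmetic; it cannot overflow for realistic path lengths, but a short comment or a guard would make that assumption explicit. The corrected comparison itself is right: `sz == nsz` needs no reallocation, because `nsz` already counts the terminating NUL.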
>Release-Note:
>Audit-Trail:
>Unformatted: