svn commit: r368503 - head/usr.sbin/crunch/crunchgen
Stefan Eßer
se at FreeBSD.org
Thu Dec 10 09:31:06 UTC 2020
Author: se
Date: Thu Dec 10 09:31:05 2020
New Revision: 368503
URL: https://svnweb.freebsd.org/changeset/base/368503
Log:
Lift scope of buf[] to make it extend to a potential access via *basename
It can be assumed that the contents of the buffer was still allocated and
valid at the point of the out-of-scope access, so there was no security
issue in practice.
Reported by: Coverity Scan CID 1437697
MFC after: 3 days
Modified:
head/usr.sbin/crunch/crunchgen/crunched_main.c
Modified: head/usr.sbin/crunch/crunchgen/crunched_main.c
==============================================================================
--- head/usr.sbin/crunch/crunchgen/crunched_main.c Thu Dec 10 09:30:09 2020 (r368502)
+++ head/usr.sbin/crunch/crunchgen/crunched_main.c Thu Dec 10 09:31:05 2020 (r368503)
@@ -114,6 +114,7 @@ main(int argc, char **argv, char **envp)
{
struct stub *ep = NULL;
const char *basename = NULL;
+ char buf[MAXPATHLEN];
/*
* Look at __progname first (this will be set if the crunched binary is
@@ -141,7 +142,6 @@ main(int argc, char **argv, char **envp)
* try AT_EXECPATH to get the actual binary that was executed.
*/
if (ep == NULL) {
- char buf[MAXPATHLEN];
int error = elf_aux_info(AT_EXECPATH, &buf, sizeof(buf));
if (error == 0) {
More information about the svn-src-all
mailing list