On 6/12/12 10:16 AM, anonymous wrote: > URL: > <http://savannah.gnu.org/bugs/?36641> > > Summary: Crash when using ridiculously large target names > Project: make > Submitted by: None > Submitted on: Tue 12 Jun 2012 05:16:49 PM UTC > Severity: 3 - Normal > Item Group: Bug > Status: None > Privacy: Public > Assigned to: None > Open/Closed: Open > Discussion Lock: Any > Component Version: 3.82 > Operating System: Any > Fixed Release: None > Triage Status: None > > _______________________________________________________ > > Details: > > If the stem len is bigger than PATH_MAX, it results in a buffer over run: > > 455a456 >> unsigned int stemlen_copy; > 494,495c495,497 > < strncpy (stem_str, stem, stemlen); > < stem_str[stemlen] = '\0'; > --- >> stemlen_copy = stemlen > sizeof(stem_str) ? sizeof(stem_str) : > stemlen; >> strncpy (stem_str, stem, stemlen_copy); >> stem_str[stemlen_copy] = '\0';
The proposed patch has yet another buffer overrun, off by one. -Rob _______________________________________________ Bug-make mailing list Bug-make@gnu.org https://lists.gnu.org/mailman/listinfo/bug-make
