Follow-up Comment #1, bug#65172 (group make): A user reported a buffer overflow on a variable with a long name.
Here is a fix. [SV 65172] Fix a buffer overrun on a variable with a long name. * src/expand.c (recursively_expand_for_file): Fix a buffer overrun. * tests/scripts/functions/shell: Add a test. diff --git a/src/expand.c b/src/expand.c index fe09c9c3..283a3d47 100644 --- a/src/expand.c +++ b/src/expand.c @@ -164,9 +164,11 @@ recursively_expand_for_file (struct variable *v, struct file *file) /* We could create a hash for the original environment for speed, but a reasonably written makefile shouldn't hit this situation... */ for (ep = environ; *ep != 0; ++ep) - if ((*ep)[nl] == '=' && strncmp (*ep, v->name, nl) == 0) - return xstrdup ((*ep) + nl + 1); - + { + size_t len = strlen (*ep); + if (len >= nl && (*ep)[nl] == '=' && memcmp (*ep, v->name, nl) == 0) + return xstrdup ((*ep) + nl + 1); + } /* If there's nothing in the parent environment, use the empty string. This isn't quite correct since the variable should not exist at all, but getting that to work would be involved. */ Here is a test. [SV 65172] Fix a buffer overrun on a variable with a long name. * src/expand.c (recursively_expand_for_file): Fix a buffer overrun. * tests/scripts/functions/shell: Add a test. diff --git a/tests/scripts/functions/shell b/tests/scripts/functions/shell index e5c346cc..b9b9ee32 100644 --- a/tests/scripts/functions/shell +++ b/tests/scripts/functions/shell 
@@ -213,4 +213,15 @@ endif '--no-print-directory -j2', ": 2\n: 1"); } +if ($port_type eq 'UNIX') { + # sv 65172. + # Buffer overrun in recursively_expand_for_file on a variable with a long + # name. + my $v = "a1234567890" x 4 x 1000; + run_make_test(" +export $v=\$(shell echo hello) +all:; \@echo \$\$$v +", '', "hello\n"); +} + 1; The original mail is here https://lists.gnu.org/archive/html/bug-make/2024-01/msg00044.html _______________________________________________________ Reply to this item at: <https://savannah.gnu.org/bugs/?65172> _______________________________________________ Message sent via Savannah https://savannah.gnu.org/
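Review bot: In the environ loop of recursively_expand_for_file (src/expand.c), the new length check carries no comment saying why it is needed, and the hunk drops the blank line that separated the loop from the following comment block. A one-line comment stating that (*ep)[nl] must not be read when the entry is shorter than nl would help, and the blank line after the closing brace should be kept. If nl is the length of v->name (its definition is not visible in this hunk), testing the name first, as in "strncmp (*ep, v->name, nl) == 0 && (*ep)[nl] == '='", would bound the index the same way without a strlen call per environment entry, because strncmp stops at the entry's terminating NUL.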
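Review bot: The new test in tests/scripts/functions/shell only compares make's output with "hello\n", so on an unfixed build it fails only if the read past the end of a short environment string happens to crash or change the output. The test comment should say that catching a regression relies on running the suite under a sanitizer or memory checker, and should say why the test is limited to $port_type eq 'UNIX'. The 44000-character name could also be written with a single repeat count, "a1234567890" x 4000, instead of x 4 x 1000.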