On Thu, 1 May 2025, Takashi Yano wrote: > On Wed, 30 Apr 2025 12:45:56 -0700 (PDT) > Jeremy Drake wrote: > > The DL_info::dli_fname member is actually PATH_MAX bytes, so specify > > that (larger) size to cygwin_conv_path rather than MAX_PATH. > > > > Also, use a tmp_pathbuf for the GetModuleFileNameW buffer, so that any > > buffer size limitation will definitely be due to the size of dli_fname, > > and add a static_assert of the size of dli_fname so we can be sure we're > > using the right size constant here. > > > > Thanks for the patch. LGTM. Pushed.
Thanks. Sorry I didn't write anything in the release/3.6.2 file for this one - I didn't think it necessarily needed to be backported as it was mostly a theoretical issue. It's not like it was a buffer overflow, it was just that if a module was loaded from a long enough path it would result in an error when there was actually enough space in the dli_fname member to hold it. (That's another reason why I didn't write something for the release file: it's hard to explain succinctly in a way that doesn't sound like it's a potential buffer overflow!) Also, I do now have push-after-approval permissions, so I can push my own patches once you, Corinna, or Jon OK them.
