3.82 isn't the latest. It looks like someone beat you to it: Differences between revisions 3f6bb04e75e5a02f23339c9d4bec99b22d430803 and 6405534814f04899890a2d932db9a4985fd772fe:
2012-02-26 21:34:51 +0000 psm...@gnu.org (6405534814f04899890a2d932db9a4985fd772fe) Check for possible buffer overflow on very long filenames. Fixes Savannah bug #35525 --------------------------------------------------- diff --git a/implicit.c b/implicit.c index 96c7b2b..c5f7481 100644 --- a/implicit.c +++ b/implicit.c @@ -488,6 +488,13 @@ pattern_search (struct file *file, int archive, dir = pathdir; } + if (stemlen > GET_PATH_MAX) + { + DBS (DB_IMPLICIT, (_("Stem too long: `%.*s'.\n"), + (int) stemlen, stem)); + continue; + } + DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"), (int) stemlen, stem)); From: bug-make-bounces+martin.dorey=hds....@gnu.org [mailto:bug-make-bounces+martin.dorey=hds....@gnu.org] On Behalf Of Mustapha Abiola Sent: Friday, June 27, 2014 22:30 To: bug-make@gnu.org Subject: Buffer overflow in orig/implicit.c Kindly consider my fix for the lack of bounds checks in implicit.c Index: make-3.82/implicit.c =================================================================== --- make-3.82.orig/implicit.c +++ make-3.82/implicit.c @@ -488,6 +488,9 @@ pattern_search (struct file *file, int a dir = pathdir; } + if (stemlen >= PATH_MAX) + fatal (NILF, _("File name too long")); + DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"), (int) stemlen, stem)); Thanks.
_______________________________________________ Bug-make mailing list Bug-make@gnu.org https://lists.gnu.org/mailman/listinfo/bug-make