From: Christophe CURIS <[email protected]> As reported by coverity, calling 'wexpandpath' with a path that contains either '$()', '$(\0' or '$\0' would cause an undefined behaviour because the 'buffer2' would be uninitialised.
Signed-off-by: Christophe CURIS <[email protected]> --- WINGs/findfile.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/WINGs/findfile.c b/WINGs/findfile.c index 6d0593c..21ed7e2 100644 --- a/WINGs/findfile.c +++ b/WINGs/findfile.c @@ -138,17 +138,19 @@ char *wexpandpath(const char *path) char *tmp; if (*path == '$') { - int j = 0; + int j; + path++; /* expand $(HOME) or $HOME style environment variables */ if (*path == '(') { path++; + j = 0; while (*path != 0 && *path != ')') { if (j > PATH_MAX) goto error; buffer2[j++] = *(path++); - buffer2[j] = 0; } + buffer2[j] = 0; if (*path == ')') { path++; tmp = getenv(buffer2); @@ -173,12 +175,13 @@ char *wexpandpath(const char *path) goto error; } } else { + j = 0; while (*path != 0 && *path != '/') { if (j > PATH_MAX) goto error; buffer2[j++] = *(path++); - buffer2[j] = 0; } + buffer2[j] = 0; tmp = getenv(buffer2); if (!tmp) { if ((i += strlen(buffer2) + 1) > PATH_MAX || -- 1.9.2 -- To unsubscribe, send mail to [email protected].
