[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Minor patch to correct buffer overrun

From: Eli Zaretskii
Subject: Re: Minor patch to correct buffer overrun
Date: Fri, 20 Aug 2010 12:00:21 +0300

> Date: Thu, 19 Aug 2010 21:56:11 -0400
> From: Chris Sutcliffe <address@hidden>
> CC: address@hidden, address@hidden
>   On 19/08/2010 12:31 PM, Eli Zaretskii wrote:
> >> I'm not at all convinced that there's not still a bug here.  The fact
> >> that we can force a core dump by providing a very long filename is a bug
> >> in make; there's nothing (that I can recall) in make that checks the
> >> names of targets to ensure they don't exceed some certain length.
> > For each place in the code where this could happen, we could verify
> > the length in advance and if it's too large, bail out with some error
> > message.  This is one such place.
> Another option would be to truncate the string to the size of the buffer 
> (like I did in my proposed patch with strncpy()).

This would only sweep problems under the carpet.  Worse, it could
cause Make do something it wasn't supposed to, if the truncation
happens at some point where the result looks like a valid file name
that does exist.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]