[vlc-devel] [PATCH] Fix Hurd build
samuel.thibault at ens-lyon.org
Tue Apr 26 21:14:17 CEST 2016
Rémi Denis-Courmont, on Tue 26 Apr 2016 22:12:04 +0300, wrote:
> On Tuesday 26 April 2016 20:27:13 Samuel Thibault wrote:
> > Rémi Denis-Courmont, on Tue 26 Apr 2016 10:00:39 +0200, wrote:
> > > >+ long path_max = pathconf (".", _PC_PATH_MAX);
> > > >+ size_t maxsize = (path_max == -1 || path_max > 4096) ? 4096 :
> > > >path_max;
> > > >+ char fname[BLOCKSIZE + maxsize];
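Review bot: at `char fname[BLOCKSIZE + maxsize]`, clamping maxsize to 4096 bounds the size of the array but not the length of what is written into it, and the array is now a variable-length array on the stack. Nothing in these lines checks the prefix and file name lengths against BLOCKSIZE + maxsize, so the code that fills fname should use snprintf() with sizeof(fname) and treat truncation as an error, or fname should be heap-allocated from the actual string lengths.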
> > >
> > > Looks like we have a stack buffer overflow here, with or without the
> > > patch.
> > You mean because PATH_MAX is big? Right, I have turned that into
> > dynamic allocation.
> I mean the following sprintf(). Maybe there was a nonobvious way to prevent
> overflow, but I don't see it.
Ok. The "idea" behind PATH_MAX is that it's supposed to be the maximum
size you'd want to pass with prefix and filename. But yes, that won't
prevent anybody from actually passing bigger filenames, and so the
second patch I sent, which uses malloc, just avoids the issue altogether.
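
The approach described in the reply above, sketched as an added example (the second patch is not shown on this page, and this is not VLC code): the buffer is sized from the actual strings instead of PATH_MAX, and the write is bounded. The names `join_path` and `joined_length` and the "cache" prefix are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not VLC code: returns a malloc()ed "prefix/name"
 * sized from the actual strings, or NULL on overflow/allocation failure. */
char *join_path(const char *prefix, const char *name)
{
    size_t plen = strlen(prefix), nlen = strlen(name);

    /* plen + '/' + nlen + NUL must not wrap around SIZE_MAX. */
    if (plen > SIZE_MAX - 2 || nlen > SIZE_MAX - 2 - plen)
        return NULL;
    size_t size = plen + nlen + 2;

    char *path = malloc(size);
    if (path == NULL)
        return NULL;
    int n = snprintf(path, size, "%s/%s", prefix, name);
    if (n < 0 || (size_t)n >= size) { /* would indicate a sizing bug */
        free(path);
        return NULL;
    }
    return path;
}

/* Constructed input: a name of n 'a' bytes joined under "cache".
 * Returns the length of the result, or 0 on failure. */
size_t joined_length(size_t n)
{
    char *name = malloc(n + 1);
    if (name == NULL)
        return 0;
    memset(name, 'a', n);
    name[n] = '\0';
    char *path = join_path("cache", name);
    size_t len = path ? strlen(path) : 0;
    free(path);
    free(name);
    return len;
}

int main(void)
{
    printf("%zu\n", joined_length(5000)); /* name longer than the 4096 clamp */
    return 0;
}
```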