Mail Archives: cygwin/2005/05/05/22:41:15
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
According to Paul Eggert on 5/5/2005 2:09 AM:
> @@ -207,8 +207,14 @@ make_path (const char *argpath,
> /* If we've saved the cwd and DIRPATH is an absolute pathname,
> we must chdir to `/' in order to enable the chdir optimization.
> So if chdir ("/") fails, turn off the optimization. */
> - if (do_chdir && *dirpath == '/' && chdir ("/") < 0)
> - do_chdir = false;
> + if (do_chdir && dirpath[0] == '/')
> + {
> + /* POSIX says "//" might be special, so chdir to "//" if the
> + file name starts with exactly two slashes. */
> + char const *root = "//" + (dirpath[1] != '/' || dirpath[2] == '/');
Oops - buffer overflow bug. dirpath[2] is past the end of the string on
dirpath of "/", since you are only testing for dirpath[1] != '/'. Try
this instead:
char const *root = "//" + (dirpath[1] != '/'
|| (*dirpath[1] && dirpath[2] == '/'));
True, dirpath was created via alloca, which on most architectures
allocates on word boundaries, so dirpath[2] is probably safe to reference,
but that is beside the point. For that matter, since path names can be
arbitrary length (on some platforms), allocating dirpath with alloca is
asking for problems with the potential of stack overflow.
- --
Life is short - so eat dessert first!
Eric Blake ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFCetkz84KuGfSFAYARAveaAJ4nczwBy9G9D4qct3z4dhSo+C5YIACg0aMI
P2Dbg6xbPaoYLPR51j53DnA=
=TGwj
-----END PGP SIGNATURE-----
--
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html
Documentation: http://cygwin.com/docs.html
FAQ: http://cygwin.com/faq/
- Raw text -