Mail Archives: djgpp/1998/03/12/14:46:02
Eli Zaretskii (eliz AT is DOT elta DOT co DOT il) wrote:
: On 6 Mar 1998, Martin Stromberg wrote:
: > Two error conditions, with (at least two) consequences: ungraceful
: > handling of the error conditions disk full and too deep directory
: > nesting, which result in endless loop or stack overwrite.
: The second bug is to the best of my knowledge fixed in the latest
: alpha version (you didn't specify the problem precisely, so I can only
: guess). But the first bug is not fixed yet; so please submit the
: necessary changes. Thanks.
Well, I think I still can get a stack overwrite with the latest djtar.
Try to "djtar -x" a file containing directories. Then "djtar -x" the
same file again. When djtar asks you for a new directory name give it
"1" as new directory name. Then "djtar -x" the same file again (again).
When djtar asks you for a new directory name give it "1" as new
directory name again, then when djtar asks you for a new directory name
(as 1 already existed) give it "22". Voilà, a crash is a fact.
I think I see the problem in the code, but I'm not sure exactly how to
fix it:
Lines 149-150 of src/utils/djtar/djtar.c are
sprintf(new, "%s%s", ch->new, fname+strlen(ch->old));
strcpy(fname, new);
This will make the length of new grow and grow and finally overwrite the
stack.
Any ideas?
MartinS
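The substitution quoted in the post, modelled beside a bounded version, as an added example that is not code from djtar or from the poster. The 16-byte name buffer (NAME_CAP), the struct change type, the function names and the chain of rename answers are all constructed for the demonstration; only the sprintf/strcpy pattern itself comes from the two quoted lines. Rather than actually writing past the buffer, the unbounded case is shown by computing how many bytes it would need.

```c
#include <stdio.h>
#include <string.h>

/* Size of the fixed on-stack name buffer. Assumed value for this example;
 * the page does not show djtar's real buffer size. */
#define NAME_CAP 16

/* One user-supplied rename: a name that starts with `old` gets that prefix
 * replaced by `new_` (the ch->old / ch->new pair in the quoted code). */
struct change {
    const char *old;
    const char *new_;
};

/* Bytes (including the NUL) that the quoted, unbounded substitution
 *     sprintf(new, "%s%s", ch->new, fname+strlen(ch->old));
 * would write for this fname. Computing instead of writing keeps the
 * demonstration memory-safe. Caller ensures fname starts with ch->old. */
size_t rename_needed_len(const char *fname, const struct change *ch)
{
    return strlen(ch->new_) + strlen(fname + strlen(ch->old)) + 1;
}

/* Bounded replacement: rewrite fname in place only when the result fits in
 * `cap` bytes. Returns 0 on success, -1 if the prefix does not match,
 * -2 if the result would not fit (the case the unbounded code mishandles). */
int rename_bounded(char *fname, size_t cap, const struct change *ch)
{
    char tmp[NAME_CAP];
    size_t oldlen = strlen(ch->old);
    int n;

    if (cap > sizeof tmp)
        cap = sizeof tmp;                 /* never exceed the scratch buffer */
    if (strncmp(fname, ch->old, oldlen) != 0)
        return -1;
    n = snprintf(tmp, cap, "%s%s", ch->new_, fname + oldlen);
    if (n < 0 || (size_t)n >= cap)
        return -2;                        /* would overflow: refuse instead */
    memcpy(fname, tmp, (size_t)n + 1);   /* fits, including the NUL */
    return 0;
}

/* Apply a chain of renames in order (each answer to the "new directory
 * name" prompt becomes the next entry). Stops at the first rename that
 * would not fit and returns how many were applied; fname holds the result. */
size_t apply_chain(char *fname, size_t cap, const struct change *chs, size_t n)
{
    size_t applied = 0;
    for (size_t i = 0; i < n; i++) {
        if (rename_bounded(fname, cap, &chs[i]) != 0)
            break;
        applied++;
    }
    return applied;
}

int main(void)
{
    /* Constructed input: every answer is longer than the prefix it replaces,
     * so the name grows on each pass, as in the repro described in the post. */
    const struct change chain[] = {
        { "d",    "dd"       },
        { "dd",   "dddd"     },
        { "dddd", "dddddddd" },
    };
    char fname[NAME_CAP] = "d/file.txt";
    size_t applied = apply_chain(fname, NAME_CAP, chain, 3);

    printf("applied %zu of 3 renames, name is now \"%s\"\n", applied, fname);
    printf("unbounded rename #3 would need %zu bytes, buffer holds %d\n",
           rename_needed_len(fname, &chain[2]), NAME_CAP);
    return 0;
}
```

With the constructed chain, the third answer would need 18 bytes in a 16-byte buffer: the unbounded sprintf/strcpy pair writes them anyway, while rename_bounded reports -2 and leaves the name at "dddd/file.txt". The same check belongs wherever the new name is also stored in the change list, since a stored longer name feeds the next pass.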