|
From: | Chris Sutcliffe |
Subject: | Re: Minor patch to correct buffer overrun |
Date: | Thu, 19 Aug 2010 21:56:11 -0400 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-GB; rv:1.9.2.8) Gecko/20100802 Thunderbird/3.1.2 |
On 19/08/2010 12:31 PM, Eli Zaretskii wrote:
I'm not at all convinced that there's not still a bug here. The fact that we can force a core dump by providing a very long filename is a bug in make; there's nothing (that I can recall) in make that checks the names of targets to ensure they don't exceed some certain length.For each place in the code where this could happen, we could verify the length in advance and if it's too large, bail out with some error message. This is one such place.
Another option would be to truncate the string to the size of the buffer (like I did in my proposed patch with strncpy()).
Chris
[Prev in Thread] | Current Thread | [Next in Thread] |