[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Findutils-patches] [PATCH] ftsfind.c: avoid buffer overflow in -D c
From: |
Bernhard Voelker |
Subject: |
Re: [Findutils-patches] [PATCH] ftsfind.c: avoid buffer overflow in -D code |
Date: |
Mon, 9 Jul 2018 17:50:56 +0200 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0 |
On 07/09/2018 05:23 PM, Jim Meyering wrote:
> On Mon, Jul 9, 2018 at 5:57 AM, Bernhard Voelker
> <address@hidden> wrote:
>> On 07/08/2018 06:19 AM, Jim Meyering wrote:
>>> On Sat, Jul 7, 2018 at 4:13 PM, Bernhard Voelker
>>> <address@hidden> wrote:
>>>> - static char buf[10];
>>>> + static char buf[14];
>>>
>>> Or maybe this, since you already use the intprops module, just add
>>> this somewhere prior: #include "intprops.h"
>>>
>>> static char buf[1 + INT_BUFSIZE_BOUND (info) + 1];
>>
>> Even better, thanks!
>> I wrapped that into the attached patch in your name ... pushing soon.
>
> Thanks. Actually, we must not rely on it being already available due
> to a transitive dependency.
> Instead, I suggest to make the dependency on this gnulib module
> explicit by adding its name to bootstrap.conf:
Good point. This adds up to the attached.
Is there an automated check to avoid such transitive deps?
Thanks & have a nice day,
Berny
0001-maint-use-gnulib-s-intprops-module-to-avoid-magic-nu.v2.patch
Description: Text Data