Created attachment 15273 [details] Patch to replace strdup with malloc(PATH_MAX) Consider the following example: extern char *somepath; char *path = realpath(somepath, NULL); strcat(path, "/"); It is common to append directory separators to paths, but when realpath allocates the buffer the size cannot be determined from the outside. While the application can provide its own buffer, it is reasonable for an application to assume that a path buffer will be able to fit a full path string even if it gets modified after the call is made. As a result, modifications to the strdup'd return value may result in a buffer overwrite. A good replacement for the strdup allocation in realpath would be to always allocate a buffer of PATH_MAX size, regardless of the realpath size, so that modifications to the return value will always fit. I've attached a patch that does this. This would fix a crash in the Steamworks SDK, which prior to 2017 always assumed that the buffer returned by realpath had room to append a directory separator to the end.
Just use realloc.