This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH v2] Fix writes past the allocated array bounds in execvpe (BZ#20847)
- From: Andreas Schwab <schwab at suse dot de>
- To: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
- Cc: libc-alpha at sourceware dot org
- Date: Tue, 22 Nov 2016 14:55:32 +0100
- Subject: Re: [PATCH v2] Fix writes past the allocated array bounds in execvpe (BZ#20847)
- Authentication-results: sourceware.org; auth=none
- References: <1479755377-12442-1-git-send-email-adhemerval.zanella@linaro.org>
On Nov 21 2016, Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote:
> @@ -91,10 +92,11 @@ __execvpe (const char *file, char *const argv[], char *const envp[])
> /* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
> size to avoid unbounded stack allocation. Same applies for
> PATH_MAX. */
> - size_t file_len = __strnlen (file, NAME_MAX + 1);
> + size_t file_len = __strnlen (file, NAME_MAX) + 1;
> size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;
>
> - if ((file_len > NAME_MAX)
> + /* NAME_MAX does not include the terminating null character. */
> + if (((file_len-1) > NAME_MAX)
Spaces around operator and remove redundant parens.
Andreas.
--
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE 1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."