This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH v2] Fix writes past the allocated array bounds in execvpe (BZ#20847)

From: Andreas Schwab <schwab at suse dot de>
To: Adhemerval Zanella <adhemerval dot zanella at linaro dot org>
Cc: libc-alpha at sourceware dot org
Date: Tue, 22 Nov 2016 14:55:32 +0100
Subject: Re: [PATCH v2] Fix writes past the allocated array bounds in execvpe (BZ#20847)
Authentication-results: sourceware.org; auth=none
References: <1479755377-12442-1-git-send-email-adhemerval.zanella@linaro.org>

On Nov 21 2016, Adhemerval Zanella <adhemerval.zanella@linaro.org> wrote:

> @@ -91,10 +92,11 @@ __execvpe (const char *file, char *const argv[], char *const envp[])
>    /* Although GLIBC does not enforce NAME_MAX, we set it as the maximum
>       size to avoid unbounded stack allocation.  Same applies for
>       PATH_MAX.  */
> -  size_t file_len = __strnlen (file, NAME_MAX + 1);
> +  size_t file_len = __strnlen (file, NAME_MAX) + 1;
>    size_t path_len = __strnlen (path, PATH_MAX - 1) + 1;
>  
> -  if ((file_len > NAME_MAX)
> +  /* NAME_MAX does not include the terminating null character.  */
> +  if (((file_len-1) > NAME_MAX)

Spaces around operator and remove redundant parens.

Andreas.

-- 
Andreas Schwab, SUSE Labs, schwab@suse.de
GPG Key fingerprint = 0196 BAD8 1CE9 1970 F4BE  1748 E4D4 88E3 0EEA B9D7
"And now for something completely different."

References:
- [PATCH v2] Fix writes past the allocated array bounds in execvpe (BZ#20847)
  - From: Adhemerval Zanella

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]