expand: Fix buffer overflow in expandmeta - dash - patched shell with cmake build

summary refs log tree commit diff

path: root/src/mkinit.c

diff options

author	Herbert Xu <herbert@gondor.apana.org.au>	2018-03-25 16:38:00 +0800
committer	Herbert Xu <herbert@gondor.apana.org.au>	2018-04-02 23:30:44 +0800
commit	0f3806dd899ace97d5909f195882697ef9dd1eaa (patch)
tree	2d61861bf874ce560afb4a1017c7c099209140dd /src/mkinit.c
parent	builtin: Move echo space/nl handling into print_escape_str (diff)
download	dash-0f3806dd899ace97d5909f195882697ef9dd1eaa.tar.gz dash-0f3806dd899ace97d5909f195882697ef9dd1eaa.zip

expand: Fix buffer overflow in expandmeta

The native version of expandmeta allocates a buffer that may be
overrun for two reasons.  First of all the size is 1 byte too small
but this is normally hidden because the minimum size is rounded
up to 2048 bytes.  Secondly, if the directory level is deep enough,
any buffer can be overrun.

This patch fixes both problems by calling realloc when necessary.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>

Diffstat (limited to 'src/mkinit.c')

0 files changed, 0 insertions, 0 deletions

feb5d52609a38c5d5d410456d796673fe8461&follow=1'>filters: Improved syntax-highlighting.pyStefan Tatschner 2014-01-12tests: add CGIT_TEST_OPTS variable to MakefileJohn Keeping 2014-01-12ui-repolist: HTML-escape cgit_rooturl() responseJohn Keeping 2014-01-12ui-shared: URL-escape script_nameJohn Keeping 2014-01-12ui-refs: escape HTML chars in author and tagger namesJohn Keeping 2014-01-12filter: pass extra arguments via cgit_open_filterJohn Keeping 2014-01-12ui-snapshot: set unused cgit_filter fields to zeroJohn Keeping 2014-01-12html: remove redundant htmlfd variableJohn Keeping 2014-01-12tests: add Valgrind supportJohn Keeping 2014-01-12cache: don't leave cache_slot fields uninitializedJohn Keeping 2014-01-10filter: split filter functions into their own fileJason A. Donenfeld 2014-01-10filter: make exit status localJason A. Donenfeld 2014-01-10parsing: fix header typoJason A. Donenfeld 2014-01-10cgit.c: Fix comment on bit mask hackLukas Fleischer 2014-01-10cgit.c: Use "else" for mutually exclusive branchesLukas Fleischer 2014-01-10ui-snapshot.c: Do not reinvent suffixcmp()Lukas Fleischer 2014-01-10Refactor cgit_parse_snapshots_mask()Lukas Fleischer 2014-01-10Disallow use of undocumented snapshot delimitersLukas Fleischer 2014-01-10Replace most uses of strncmp() with prefixcmp()Lukas Fleischer 2014-01-09README: Fix dependenciesLukas Fleischer 2014-01-08README: Spelling and formatting fixesLukas Fleischer 2014-01-08Fix UTF-8 with syntax-highlighting.pyPřemysl Janouch 2014-01-08Add a suggestion to the manpagePřemysl Janouch 2014-01-08Fix the example configurationPřemysl Janouch 2014-01-08Fix about-formatting.shPřemysl Janouch 2014-01-08Fix some spelling errorsPřemysl Janouch 2014-01-08filters: highlight.sh: add css comments for highlight 2.6 and 3.8Ferry Huberts