This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.
fix buffer allocation in make_relative_prefix
- To: gcc-patches at gcc dot gnu dot org
- Subject: fix buffer allocation in make_relative_prefix
- From: Matt Kraai <kraai at alumni dot carnegiemellon dot edu>
- Date: Thu, 16 Aug 2001 14:13:04 -0600
Howdy,
It is possible to overrun a stack-allocated buffer in
make_relative_prefix if the PATH is set to the empty string, a
single colon, or a single path without a trailing slash. I
bootstrapped the following patch on i686-pc-linux-gnu, and there
were no regressions.
OK to commit?
Matt
2001-08-16 Matt Kraai <kraai@alumni.carnegiemellon.edu>
* gcc.c (make_relative_prefix): Allocate a sufficiently large
buffer.
Index: gcc/gcc.c
===================================================================
RCS file: /cvs/gcc/gcc/gcc/gcc.c,v
retrieving revision 1.241
diff -c -3 -p -r1.241 gcc.c
*** gcc.c 2001/08/13 16:41:19 1.241
--- gcc.c 2001/08/16 19:57:16
*************** make_relative_prefix (progname, bin_pref
*** 2285,2292 ****
GET_ENV_PATH_LIST (temp, "PATH");
if (temp)
{
! char *startp, *endp;
! char *nstore = (char *) alloca (strlen (temp) + strlen (progname) + 1);
startp = endp = temp;
while (1)
--- 2285,2296 ----
GET_ENV_PATH_LIST (temp, "PATH");
if (temp)
{
! char *startp, *endp, *nstore;
! size_t prefixlen = strlen (temp) + 1;
! if (prefixlen < 2)
! prefixlen = 2;
!
! nstore = (char *) alloca (prefixlen + strlen (progname) + 1);
startp = endp = temp;
while (1)
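
Review bot: The clamp "if (prefixlen < 2) prefixlen = 2;" and the "+ 1" in the new prefixlen initializer are bare magic numbers with no comment saying which bytes they reserve. The message names three PATH shapes that overrun the old buffer (empty string, single colon, single path without a trailing slash), but nothing in the hunk ties the arithmetic to those cases, so a later change to what the loop stores in nstore can silently invalidate the size again. Please add a comment above the clamp stating the longest string written for one PATH element (the element itself, whatever is appended to it, progname, and the terminating NUL) and which term covers each part. Separately, the allocation is still alloca with a size taken from strlen (temp), where temp comes from the PATH environment variable via GET_ENV_PATH_LIST, so the stack usage is bounded only by what the environment supplies; a heap allocation that is freed after the loop would remove that dependency.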