[Pkg-zsh-devel] Bug#418199: Fwd: Re: segfault with exceedingly long path
Richard Hartmann
richih.mailinglist at gmail.com
Mon Jan 20 08:50:17 UTC 2014
Not done yet but it's being addressed.
Richard
Sent by mobile; excuse my brevity.
---------- Forwarded message ----------
From: "Bart Schaefer" <schaefer at brasslantern.com>
Date: Jan 20, 2014 2:11 AM
Subject: Re: segfault with exceedingly long path
To: <zsh-workers at zsh.org>
Cc:
On Jan 19, 4:02pm, Bart Schaefer wrote:
}
} I don't think we want to let this can of worms out of Pandora's box,
} or we'll be chasing geese until the cows come home to roost.
In spite of that ... we could at least not dump core in this specific
case. There are probably many other core dumps waiting to be exposed.
Behavior becomes undefined once the path gets too long, but:
diff --git a/Src/utils.c b/Src/utils.c
index c6d178c..705d2c4 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -725,32 +725,36 @@ xsymlinks(char *s)
char **pp, **opp;
char xbuf2[PATH_MAX*2], xbuf3[PATH_MAX*2];
int t0, ret = 0;
+ zulong xbuflen = strlen(xbuf);
opp = pp = slashsplit(s);
- for (; *pp; pp++) {
- if (!strcmp(*pp, ".")) {
- zsfree(*pp);
+ for (; xbuflen < sizeof(xbuf) && *pp; pp++) {
+ if (!strcmp(*pp, "."))
continue;
- }
if (!strcmp(*pp, "..")) {
char *p;
- zsfree(*pp);
if (!strcmp(xbuf, "/"))
continue;
if (!*xbuf)
continue;
- p = xbuf + strlen(xbuf);
- while (*--p != '/');
+ p = xbuf + xbuflen;
+ while (*--p != '/')
+ xbuflen--;
*p = '\0';
continue;
}
sprintf(xbuf2, "%s/%s", xbuf, *pp);
t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
if (t0 == -1) {
- strcat(xbuf, "/");
- strcat(xbuf, *pp);
- zsfree(*pp);
+ zulong pplen = strlen(pp) + 1;
+ if ((xbuflen += pplen) < sizeof(xbuf)) {
+ strcat(xbuf, "/");
+ strcat(xbuf, *pp);
+ } else {
+ *xbuf = 0;
+ break;
+ }
} else {
ret = 1;
metafy(xbuf3, t0, META_NOALLOC);
@@ -759,10 +763,9 @@ xsymlinks(char *s)
xsymlinks(xbuf3 + 1);
} else
xsymlinks(xbuf3);
- zsfree(*pp);
}
}
- free(opp);
+ freearray(opp);
return ret;
}
@@ -779,8 +782,10 @@ xsymlink(char *s)
return NULL;
*xbuf = '\0';
xsymlinks(s + 1);
- if (!*xbuf)
+ if (!*xbuf) {
+ zwarn("path expansion failed, using root directory");
return ztrdup("/");
+ }
return ztrdup(xbuf);
}
--
Barton E. Schaefer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-zsh-devel/attachments/20140120/1763c8c2/attachment.html>
More information about the Pkg-zsh-devel
mailing list