Check for possible buffer overflow on very long filenames.

Fixes Savannah bug #35525
author: Paul Smith <psmith@gnu.org> 2012-02-26 21:34:51 +0000
committer: Paul Smith <psmith@gnu.org> 2012-02-26 21:34:51 +0000
commit: 6405534814f04899890a2d932db9a4985fd772fe (patch)
tree: 35e2b1fa9d9a5e7f334efc59c1e8d2e19fcebb2d
parent: c0751bd3fce253f09b4ebe2aed1c70bcbbc6ad20 (diff)
download: gunmake-6405534814f04899890a2d932db9a4985fd772fe.tar.gz
2 files changed, 12 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index ab8e97c..6d16854 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-26  Paul Smith  <psmith@gnu.org>
+
+	* implicit.c (pattern_search): Check the stem length to avoid
+	stack overflows in stem_str.  Fixes Savannah bug #35525.
+
 2012-02-03  Eli Zaretskii  <eliz@gnu.org>
 
 	* w32/subproc/sub_proc.c (proc_stdin_thread, proc_stdout_thread)
diff --git a/implicit.c b/implicit.c
index 96c7b2b..c5f7481 100644
--- a/implicit.c
+++ b/implicit.c
@@ -488,6 +488,13 @@ pattern_search (struct file *file, int archive,
               dir = pathdir;
             }
 
+          if (stemlen > GET_PATH_MAX)
+            {
+              DBS (DB_IMPLICIT, (_("Stem too long: `%.*s'.\n"),
+                                 (int) stemlen, stem));
+              continue;
+            }
+
           DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),
                              (int) stemlen, stem));
author	Paul Smith <psmith@gnu.org>	2012-02-26 21:34:51 +0000
committer	Paul Smith <psmith@gnu.org>	2012-02-26 21:34:51 +0000
commit	6405534814f04899890a2d932db9a4985fd772fe (patch)
tree	35e2b1fa9d9a5e7f334efc59c1e8d2e19fcebb2d
parent	c0751bd3fce253f09b4ebe2aed1c70bcbbc6ad20 (diff)
download	gunmake-6405534814f04899890a2d932db9a4985fd772fe.tar.gz