From: SourceForge.net <no...@so...> - 2006-06-25 02:39:59
Bugs item #1511540, was opened at 2006-06-23 16:05
Message generated for change (Comment added) made by nhorman
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=104664&aid=1511540&group_id=4664

Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update.

Category: None
Group: None
Status: Open
Resolution: Rejected
Priority: 5
Submitted By: Neil Horman (nhorman)
Assigned to: Hans-Bernhard Broeker (broeker)
Summary: on long pathnames cscope can overflow in putstring

Initial Comment:
When parsing very long paths, cscope can overflow in putstring. This patch limits the length of the putstring copy to the length of the array being copied into.

----------------------------------------------------------------------

>Comment By: Neil Horman (nhorman)
Date: 2006-06-24 22:39

Message:
Logged In: YES
user_id=827328

(1) That's not supposed to be there. I'll remove that and repost. Sorry about that.

(2) Please take the time to actually look before you reject this, Hans. The length variable represents the length of the character array s passed into the array, and prevents buffer overflow in all those cases where blockp is larger than the passed array (note that PATHLEN is passed in all cases, because in all uses of putstring, the passed array is defined on the stack as being of PATHLEN characters).

----------------------------------------------------------------------

Comment By: Hans-Bernhard Broeker (broeker)
Date: 2006-06-24 12:38

Message:
Logged In: YES
user_id=27517

In its current shape, I'm afraid I have to reject this patch. For two reasons:

1) I rather seriously dislike that CHECK_STACK hack. Stuff like that has no business being put into production code.

2) I see no believable reason at all to add an argument to a function, but in the same move pass the exact same value for this argument, in all its callers. What could a function or macro name's length possibly have to do with PATHLEN? And if PATHLEN really is the actual length of all those buffers: why pass it as an argument?

----------------------------------------------------------------------
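The bounded copy debated in this thread, as an added example that is not part of the original message and is not cscope's code: a hypothetical `copy_record` takes the destination length as an argument, and the caller derives that length from the array itself with `sizeof`. The function names, the newline record terminator and the PATHLEN value are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PATHLEN 250 /* constructed value for this example */

/* Hypothetical helper (not cscope's code): copy one newline-terminated
 * record from src into dst, writing at most dstlen bytes including the
 * terminating NUL. Returns the length the whole record needs, so a
 * return value >= dstlen means the copy was truncated. */
static size_t copy_record(char *dst, size_t dstlen, const char *src)
{
    size_t need = strcspn(src, "\n"); /* record length in the source */
    size_t n;

    if (dstlen == 0)
        return need;                  /* no room: write nothing */
    n = need < dstlen - 1 ? need : dstlen - 1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return need;
}

/* Caller with a stack array: the bound is taken from the array itself,
 * so it stays correct if the declaration is ever resized. */
static int record_fits(const char *block)
{
    char path[PATHLEN + 1];

    return copy_record(path, sizeof path, block) < sizeof path;
}

int main(void)
{
    char block[512]; /* constructed input: a 400-byte "path" record */

    memset(block, 'a', 400);
    block[400] = '\n';
    block[401] = '\0';
    printf("short record fits: %d\n", record_fits("src/find.c\nnext"));
    printf("400-byte record fits: %d\n", record_fits(block));
    return 0;
}
```

Returning the needed length instead of silently truncating lets the caller reject or log an over-long path rather than continue with a shortened one.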