|
From: <sv...@va...> - 2013-01-26 16:32:29
|
florian 2013-01-26 16:32:18 +0000 (Sat, 26 Jan 2013)
New Revision: 13268
Log:
Avoid copying a string coming from argv[] into a fixed size buffer.
Pointed out by Coverity's checker.
Modified files:
trunk/coregrind/launcher-linux.c
Modified: trunk/coregrind/launcher-linux.c (+10 -7)
===================================================================
--- trunk/coregrind/launcher-linux.c 2013-01-26 11:49:15 +00:00 (rev 13267)
+++ trunk/coregrind/launcher-linux.c 2013-01-26 16:32:18 +00:00 (rev 13268)
@@ -51,12 +51,8 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <limits.h> // PATH_MAX
-
-
-#define PATH_MAX 4096 /* POSIX refers to this a lot but I dunno
- where it is defined */
-
#ifndef EM_X86_64
#define EM_X86_64 62 // elf.h doesn't define this on some older systems
#endif
@@ -81,10 +77,17 @@
/* Search the path for the client program */
static const char *find_client(const char *clientname)
{
- static char fullname[PATH_MAX];
+ char *fullname = NULL;
const char *path = getenv("PATH");
const char *colon;
+ /* Make the size of the FULLNAME buffer large enough. */
+ unsigned need = strlen(path) + strlen("/") + strlen(clientname) + 1;
+
+ fullname = malloc(need);
+ if (fullname == NULL)
+ barf("malloc of fullname failed.");
+
while (path)
{
if ((colon = strchr(path, ':')) == NULL)
@@ -94,7 +97,7 @@
}
else
{
- memcpy(fullname, path, colon - path);
+ strncpy(fullname, path, colon - path);
fullname[colon - path] = '\0';
path = colon + 1;
}
|