[Xfce-bugs] [XFCE 0000039]: potential buffer overflow in src/treeview.c (?)
xfce-bugs at xfce.org
Sat Jan 17 16:03:32 CET 2004
The following bug has been CLOSED
=======================================================================
http://bugs.xfce.org/view_bug_page.php?f_id=0000039
=======================================================================
Reporter: jolan
Handler: edscott
=======================================================================
Project: XFCE
Bug ID: 0000039
Category: xffm
Reproducibility: N/A
Severity: minor
Priority: normal
Status: closed
=======================================================================
Date Submitted: 2003-12-10 07:06 GMT
Last Modified: 2004-01-17 15:03 GMT
=======================================================================
Summary: potential buffer overflow in src/treeview.c (?)
Description:
Was reviewing -Wall and noticed this:
treeview.c:1522: warning: array size (255) is smaller than minimum required (1024)
char wd[_POSIX_PATH_MAX];
getcwd(wd, _POSIX_PATH_MAX - 1);
from getcwd(3):
The getcwd() function copies the absolute pathname of the current working
directory into the memory referenced by buf and returns a pointer to buf.
The size argument is the size, in bytes, of the array referenced by buf.
I assume this refers to getcwd copying MAXPATHLEN (1024) into
_POSIX_PATH_MAX (255) and overflowing wd.
Not sure if this is correct, patch attached anyway.
=======================================================================
-----------------------------------------------------------------------
edscott - 2003-12-10 13:58 GMT
-----------------------------------------------------------------------
Fixed in 4.0.2. I will close the bug after removing all POSIX_PATH_MAX's
from 4.1 and replacing with dynamic memory instead of static. The fix in
4.0.1 looks like this:
gchar *wd = g_get_current_dir ();
startup = g_strconcat(wd, "/",argv[1],NULL);
g_free(wd);
Which looks more portable.
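
Added example, not part of the bug report or the xffm source: the same dynamic-memory approach written against plain libc instead of GLib. getcwd() returns NULL with errno set to ERANGE when the size argument is too small for the path, so the buffer is grown and the call retried. The helper names cwd_alloc and path_in_cwd are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical helper: return the current directory in a heap buffer that is
 * grown until getcwd() stops failing with ERANGE. Caller frees the result. */
static char *cwd_alloc(size_t initial)
{
    size_t size = initial ? initial : 64;   /* size 0 would be EINVAL */
    char *buf = NULL;
    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) { free(buf); return NULL; }
        buf = tmp;
        if (getcwd(buf, size) != NULL)
            return buf;                     /* fits, NUL-terminated */
        if (errno != ERANGE || size > (size_t)-1 / 2) {
            free(buf);                      /* real error, or size would wrap */
            return NULL;
        }
        size *= 2;                          /* too small: double and retry */
    }
}

/* Hypothetical helper: build "<cwd>/<name>", as the fix above does with
 * g_strconcat(), using only libc. Caller frees the result. */
static char *path_in_cwd(const char *name, size_t initial)
{
    char *wd = cwd_alloc(initial);
    if (wd == NULL)
        return NULL;
    size_t len = strlen(wd) + 1 + strlen(name) + 1;  /* '/' and NUL */
    char *out = malloc(len);
    if (out != NULL)
        snprintf(out, len, "%s/%s", wd, name);
    free(wd);
    return out;
}

int main(int argc, char **argv)
{
    /* Start with a deliberately tiny buffer to exercise the ERANGE path. */
    char *p = path_in_cwd(argc > 1 ? argv[1] : "example.txt", 4);
    if (p == NULL) { perror("path_in_cwd"); return 1; }
    puts(p);
    free(p);
    return 0;
}
```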