! Please note that this is a snapshot of our old Bugzilla server, which is read only since May 29, 2020. Please go to gitlab.xfce.org for our new server !
potential buffer overflow in src/treeview.c (?)
Status:
CLOSED: FIXED
Priority:
Medium
Severity:
normal
Product:
Xffm
Component:
General

Comments

Description jolan 2003-12-10 07:06:23 CET 
Was reviewing -Wall and noticed this:

treeview.c:1522: warning: array size (255) is smaller than minimum required
(1024)

char wd[_POSIX_PATH_MAX];
getcwd(wd, _POSIX_PATH_MAX - 1);

from getcwd(3):
The getcwd() function copies the absolute pathname of the current working
directory into the memory referenced by buf and returns a pointer to buf. The
size argument is the size, in bytes, of the array referenced by buf.

I assume this refers to getcwd copying MAXPATHLEN (1024) into _POSIX_PATH_MAX
(255) and overflowing wd.

Not sure if this is correct, patch attached anyway.
Comment 1 edscott editbugs 2003-12-10 13:58:13 CET 
fixed in 4.0.2. I will close the bug after removing all POSIX_PATH_MAX's from
4.1 and replacing with dynamic memory instead of static. The fix in 4.0.1 looks
like this:
gchar *wd = g_get_current_dir ();
startup = g_strconcat(wd, "/",argv[1],NULL);
g_free(wd);
Which looks more portable.

Bug #39

Reported by:
jolan
Reported on: 2003-12-10
Last modified on: 2009-07-14

People

Assignee:
edscott
CC List:
0 users

Version

Version:
unspecified
Target Milestone:
---

Attachments

0000039-patch-src_treeview_c (530 bytes, application/octet-stream)
2003-12-10 07:06 CET , jolan 		no flags

Additional information