You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
34 lines
1.2 KiB
34 lines
1.2 KiB
6 years ago
|
From: Dmitry Bogatov <KAction@debian.org>
|
||
|
|
Date: Tue, 6 Aug 2019 16:36:24 +0000
|
||
|
|
Subject: Fix buffer overrun in inotifytools.c
|
||
|
|
|
||
|
|
The following code
|
||
|
|
|
||
|
|
char *names[2+sizeof(int)/sizeof(char*)];
|
||
|
|
|
||
|
|
was supposed to allocate enough space on stack to fit two `char *' and one
|
||
|
|
`int'. Problem is that when sizeof(int) < sizeof(char *), which is likely on
|
||
|
|
64-bit systems, it caused expression `sizeof(int)/sizeof(char*)' evaluate to 0,
|
||
|
|
resulting in buffer overrun.
|
||
|
|
|
||
|
|
Detected by GCC-9 new diagnostics.
|
||
|
|
|
||
|
|
Closes: #925717
|
||
|
|
---
|
||
|
|
libinotifytools/src/inotifytools.c | 2 +-
|
||
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||
|
|
|
||
|
|
diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c
|
||
|
|
index b3feca3..ce4ccd5 100644
|
||
|
|
--- a/libinotifytools/src/inotifytools.c
|
||
|
|
+++ b/libinotifytools/src/inotifytools.c
|
||
|
|
@@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname,
|
||
|
|
void inotifytools_replace_filename( char const * oldname,
|
||
|
|
char const * newname ) {
|
||
|
|
if ( !oldname || !newname ) return;
|
||
|
|
- char *names[2+sizeof(int)/sizeof(char*)];
|
||
|
|
+ char *names[2+sizeof(int)/sizeof(char*) + 1];
|
||
|
|
names[0] = (char*)oldname;
|
||
|
|
names[1] = (char*)newname;
|
||
|
|
*((int*)&names[2]) = strlen(oldname);
|