From: Dmitry Bogatov Date: Tue, 6 Aug 2019 16:36:24 +0000 Subject: Fix buffer overrun in inotifytools.c The following code char *names[2+sizeof(int)/sizeof(char*)]; was supposed to allocate enough space on the stack to fit two `char *' and one `int'. The problem is that when sizeof(int) < sizeof(char *), which is likely on 64-bit systems, it caused the expression `sizeof(int)/sizeof(char*)' to evaluate to 0, resulting in a buffer overrun. Detected by GCC-9 new diagnostics. Closes: #925717 --- libinotifytools/src/inotifytools.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c index b3feca3..ce4ccd5 100644 --- a/libinotifytools/src/inotifytools.c +++ b/libinotifytools/src/inotifytools.c @@ -859,7 +859,7 @@ void inotifytools_set_filename_by_filename( char const * oldname, void inotifytools_replace_filename( char const * oldname, char const * newname ) { if ( !oldname || !newname ) return; - char *names[2+sizeof(int)/sizeof(char*)]; + char *names[2+sizeof(int)/sizeof(char*) + 1]; names[0] = (char*)oldname; names[1] = (char*)newname; *((int*)&names[2]) = strlen(oldname);
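Review bot: the new declaration `char *names[2+sizeof(int)/sizeof(char*) + 1];` sizes the array by adding a constant slot to a truncating division, so the bound is still not derived from what is stored in it. It is always large enough, since the floor of the quotient plus one is never less than the rounded-up quotient, but it over-allocates one pointer whenever sizeof(int) is an exact multiple of sizeof(char*), and a reader has to redo that arithmetic to be convinced. A round-up form such as `2 + (sizeof(int) + sizeof(char*) - 1)/sizeof(char*)` states the intent directly. Better still would be a small local struct with two `char const *` members and an `int` length, which removes the `*((int*)&names[2])` store through a cast pointer and the `(char*)` casts that discard const on `oldname` and `newname`. Separately, on the unchanged last context line, `strlen(oldname)` returns a size_t that is narrowed to int by that store; worth a comment or an explicit cast if the truncation is intended.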