From: Bart Schaefer <schaefer@brasslantern.com>
To: zsh-workers@zsh.org
Subject: Re: segfault with exceedingly long path
Date: Sun, 19 Jan 2014 17:10:49 -0800	[thread overview]
Message-ID: <140119171049.ZM18371@torch.brasslantern.com> (raw)
In-Reply-To: <140119160238.ZM5850@torch.brasslantern.com>

On Jan 19,  4:02pm, Bart Schaefer wrote:
}
} I don't think we want to let this can of worms out of Pandora's box,
} or we'll be chasing geese until the cows come home to roost.

In spite of that ... we could at least not dump core in this specific
case.  There are probably many other core dumps waiting to be exposed.

Behavior becomes undefined once the path gets too long, but:

diff --git a/Src/utils.c b/Src/utils.c
index c6d178c..705d2c4 100644
--- a/Src/utils.c
+++ b/Src/utils.c
@@ -725,32 +725,36 @@ xsymlinks(char *s)
     char **pp, **opp;
     char xbuf2[PATH_MAX*2], xbuf3[PATH_MAX*2];
     int t0, ret = 0;
+    zulong xbuflen = strlen(xbuf);
 
     opp = pp = slashsplit(s);
-    for (; *pp; pp++) {
-	if (!strcmp(*pp, ".")) {
-	    zsfree(*pp);
+    for (; xbuflen < sizeof(xbuf) && *pp; pp++) {
+	if (!strcmp(*pp, "."))
 	    continue;
-	}
 	if (!strcmp(*pp, "..")) {
 	    char *p;
 
-	    zsfree(*pp);
 	    if (!strcmp(xbuf, "/"))
 		continue;
 	    if (!*xbuf)
 		continue;
-	    p = xbuf + strlen(xbuf);
-	    while (*--p != '/');
+	    p = xbuf + xbuflen;
+	    while (*--p != '/')
+		xbuflen--;
 	    *p = '\0';
 	    continue;
 	}
 	sprintf(xbuf2, "%s/%s", xbuf, *pp);
 	t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
 	if (t0 == -1) {
-	    strcat(xbuf, "/");
-	    strcat(xbuf, *pp);
-	    zsfree(*pp);
+	    zulong pplen = strlen(pp) + 1;
+	    if ((xbuflen += pplen) < sizeof(xbuf)) {
+		strcat(xbuf, "/");
+		strcat(xbuf, *pp);
+	    } else {
+		*xbuf = 0;
+		break;
+	    }
 	} else {
 	    ret = 1;
 	    metafy(xbuf3, t0, META_NOALLOC);
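Review bot: In the `t0 == -1` branch the new bound is computed from `strlen(pp)`, but `pp` is the `char **` cursor, so the length comes from the pointer array rather than the path component; it should read `zulong pplen = strlen(*pp) + 1;`. The guard also arrives too late for `xbuf2`: `sprintf(xbuf2, "%s/%s", xbuf, *pp)` has already run with an unbounded `*pp`, so an over-long component can still write past `xbuf2[PATH_MAX*2]` before the check is reached; test the combined length ahead of the `sprintf`, or use `snprintf(xbuf2, sizeof(xbuf2), "%s/%s", xbuf, *pp)` and treat truncation as the failure case. In the `..` branch `xbuflen` is decremented once per non-slash byte but not for the `/` that gets overwritten, so it ends one above `strlen(xbuf)`; an extra `xbuflen--;` after the loop keeps the two in step. The declaration of `xbuf` and the end of the function lie outside this hunk.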
@@ -759,10 +763,9 @@ xsymlinks(char *s)
 		xsymlinks(xbuf3 + 1);
 	    } else
 		xsymlinks(xbuf3);
-	    zsfree(*pp);
 	}
     }
-    free(opp);
+    freearray(opp);
     return ret;
 }
 
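Review bot: After either recursive `xsymlinks()` call this frame's `xbuflen` is stale, because the callee appends to the same `xbuf` (it looks file-scope, since `xsymlink` resets it before the first call) while the caller keeps the length it captured at entry. The next `(xbuflen += pplen) < sizeof(xbuf)` test can then pass although the real string is longer, and the `strcat` calls overrun the buffer; adding `xbuflen = strlen(xbuf);` after the recursive calls closes that gap. A callee that bailed out with `*xbuf = 0` is also invisible here, so the loop carries on and builds a path from the remaining components only; a distinct failure return value would let the caller stop. The lines between this hunk and the previous one are not shown.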
@@ -779,8 +782,10 @@ xsymlink(char *s)
 	return NULL;
     *xbuf = '\0';
     xsymlinks(s + 1);
-    if (!*xbuf)
+    if (!*xbuf) {
+	zwarn("path expansion failed, using root directory");
 	return ztrdup("/");
+    }
     return ztrdup(xbuf);
 }
 
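Review bot: The `!*xbuf` test cannot tell the new overflow bail-out from a path that legitimately resolves to the root: `xsymlinks` skips `.` components and leaves `xbuf` empty at root level, so an input such as `/.` would now print "path expansion failed" although nothing failed. Conversely, a caller still receives `/` for a failed expansion and cannot distinguish it from a real result, which is a risky fallback if the returned path is later used, for example, for a comparison or as a working directory. Having `xsymlinks` return a negative value on overflow and warning only on that, e.g. `if (xsymlinks(s + 1) < 0) zwarn(...);`, keeps the two cases apart. The start of `xsymlink` is outside the hunk.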

-- 
Barton E. Schaefer

