On Wed, Jul 12, 2023 at 12:53:10PM +0200, Florian Obser wrote:
> So I was sufficiently bored during breakfast and decided to run afl
> against patch...
>
> basename(3) can fail thusly:
> ERRORS
> The following error codes may be set in errno:
>
> [ENAMETOOLONG] The path component to be returned was larger than
> PATH_MAX.
>
> and then strlen(3) segfaults.
>
> OK?
ok
> (this is on top of tb's fix on bugs but should be independent and not
> cause conflicts.)
Go ahead. If it conflicts it's easy to redo anyway.
>
> diff --git pch.c pch.c
> index 4ae5f363393..63543a609fb 100644
> --- pch.c
> +++ pch.c
> @@ -1422,7 +1422,7 @@ compare_names(const struct file_name *names, bool
> assume_exists)
> {
> size_t min_components, min_baselen, min_len, tmp;
> char *best = NULL;
> - char *path;
> + char *path, *bn;
> int i;
>
> /*
> @@ -1443,7 +1443,10 @@ compare_names(const struct file_name *names, bool
> assume_exists)
> min_components = tmp;
> best = path;
> }
> - if ((tmp = strlen(basename(path))) > min_baselen)
> + bn = basename(path);
> + if (bn == NULL)
> + continue;
> + if ((tmp = strlen(bn)) > min_baselen)
> continue;
> if (tmp < min_baselen) {
> min_baselen = tmp;
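Review bot: in the second hunk the `bn == NULL` check sits below the context lines `min_components = tmp;` and `best = path;`, so a name whose basename(3) call fails can already have been stored in `best` in the same iteration before the new `continue` is reached. If such names should never be selected, assign `bn = basename(path)` and test it ahead of the component comparison; if leaving them as candidates is intended, a short comment saying so would help. The failure is also skipped silently, so a one-line comment naming ENAMETOOLONG as the case being handled would document why the check exists.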
>
> --
> In my defence, I have been left unsupervised.
>
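A small C model of the failure described in the quoted report and of the guard the patch adds, as an added example that is not part of the original mail or of patch(1). `bounded_basename` and `base_len` are hypothetical names, and the stand-in assumes a basename that returns a static PATH_MAX buffer and yields NULL with ENAMETOOLONG when the last component does not fit.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Hypothetical stand-in: basename into a static PATH_MAX buffer, NULL on overflow. */
static const char *bounded_basename(const char *path)
{
	static char buf[PATH_MAX];
	const char *end, *start;
	size_t len;
	if (path == NULL || *path == '\0')
		return strcpy(buf, ".");
	end = path + strlen(path) - 1;
	while (end > path && *end == '/')	/* strip trailing slashes */
		end--;
	for (start = end; start > path && start[-1] != '/'; start--)
		;				/* walk back to the start of the last component */
	len = (size_t)(end - start) + 1;
	if (len >= sizeof(buf)) {		/* component does not fit */
		errno = ENAMETOOLONG;
		return NULL;
	}
	memcpy(buf, start, len);
	buf[len] = '\0';
	return buf;
}

/* Returns 0 and stores the basename length, or -1 when there is no basename. */
static int base_len(const char *path, size_t *out)
{
	const char *bn = bounded_basename(path);
	if (bn == NULL)		/* the check the patch adds before strlen() */
		return -1;
	*out = strlen(bn);
	return 0;
}

int main(void)
{
	static char name[PATH_MAX + 16];	/* constructed over-long component */
	size_t n = 0;
	memset(name, 'A', sizeof(name) - 1);
	printf("%d %d\n", base_len("src/pch.c", &n), base_len(name, &n));
	return 0;
}
```

Without the NULL test in `base_len`, the over-long input would reach `strlen(NULL)`, which is the crash the report describes.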