Re: patch(1): basename(3) can fail

2023-07-12 Thread Theo Buehler 
On Wed, Jul 12, 2023 at 12:53:10PM +0200, Florian Obser wrote:
> So I was sufficiently bored during breakfast and decided to run afl
> against patch...
> 
> basename(3) can fail thusly:
> ERRORS
>  The following error codes may be set in errno:
> 
>  [ENAMETOOLONG] The path component to be returned was larger than
> PATH_MAX.
> 
> and then strlen(3) segfaults.
> 
> OK?

ok

> (this is on top of tb's fix on bugs but should be independent and not
> cause conflicts.)

Go ahead. If it conflicts it's easy to redo anway.

> 
> diff --git pch.c pch.c
> index 4ae5f363393..63543a609fb 100644
> --- pch.c
> +++ pch.c
> @@ -1422,7 +1422,7 @@ compare_names(const struct file_name *names, bool 
> assume_exists)
>  {
>   size_t min_components, min_baselen, min_len, tmp;
>   char *best = NULL;
> - char *path;
> + char *path, *bn;
>   int i;
>  
>   /*
> @@ -1443,7 +1443,10 @@ compare_names(const struct file_name *names, bool 
> assume_exists)
>   min_components = tmp;
>   best = path;
>   }
> - if ((tmp = strlen(basename(path))) > min_baselen)
> + bn = basename(path);
> + if (bn == NULL)
> + continue;
> + if ((tmp = strlen(bn)) > min_baselen)
>   continue;
>   if (tmp < min_baselen) {
>   min_baselen = tmp;
> 
> -- 
> In my defence, I have been left unsupervised.
>

patch(1): basename(3) can fail

2023-07-12 Thread Florian Obser 
So I was sufficiently bored during breakfast and decided to run afl
against patch...

basename(3) can fail thusly:
ERRORS
 The following error codes may be set in errno:

 [ENAMETOOLONG] The path component to be returned was larger than
PATH_MAX.

and then strlen(3) segfaults.

OK?

(this is on top of tb's fix on bugs but should be independent and not
cause conflicts.)

diff --git pch.c pch.c
index 4ae5f363393..63543a609fb 100644
--- pch.c
+++ pch.c
@@ -1422,7 +1422,7 @@ compare_names(const struct file_name *names, bool 
assume_exists)
 {
size_t min_components, min_baselen, min_len, tmp;
char *best = NULL;
-   char *path;
+   char *path, *bn;
int i;
 
/*
@@ -1443,7 +1443,10 @@ compare_names(const struct file_name *names, bool 
assume_exists)
min_components = tmp;
best = path;
}
-   if ((tmp = strlen(basename(path))) > min_baselen)
+   bn = basename(path);
+   if (bn == NULL)
+   continue;
+   if ((tmp = strlen(bn)) > min_baselen)
continue;
if (tmp < min_baselen) {
min_baselen = tmp;

-- 
In my defence, I have been left unsupervised.