So I was sufficiently bored during breakfast and decided to run afl
against patch...
basename(3) can fail thusly:
ERRORS
The following error codes may be set in errno:
[ENAMETOOLONG] The path component to be returned was larger than
PATH_MAX.
and then strlen(3) segfaults.
OK?
(this is on top of tb's fix on bugs but should be independent and not
cause conflicts.)
diff --git pch.c pch.c
index 4ae5f363393..63543a609fb 100644
--- pch.c
+++ pch.c
@@ -1422,7 +1422,7 @@ compare_names(const struct file_name *names, bool
assume_exists)
{
size_t min_components, min_baselen, min_len, tmp;
char *best = NULL;
- char *path;
+ char *path, *bn;
int i;
/*
@@ -1443,7 +1443,10 @@ compare_names(const struct file_name *names, bool
assume_exists)
min_components = tmp;
best = path;
}
- if ((tmp = strlen(basename(path))) > min_baselen)
+ bn = basename(path);
+ if (bn == NULL)
+ continue;
+ if ((tmp = strlen(bn)) > min_baselen)
continue;
if (tmp < min_baselen) {
min_baselen = tmp;
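Review bot: The new `continue` on `bn == NULL` sits after the `min_components` block, so a name whose basename(3) call fails can already have been stored by `best = path;` and still come out as the chosen name. If such a name should never be picked, move the `bn = basename(path);` check ahead of the component comparison; if picking it is acceptable, a one-line comment saying so would help the next reader.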
--
In my defence, I have been left unsupervised.
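
A stand-alone sketch of the failure mode and of the check the diff adds, as an added example that is not part of the original mail or of patch(1). `bounded_basename` is a hypothetical stand-in that mimics the ENAMETOOLONG behaviour quoted from the manual (so it behaves the same on systems whose libc basename never fails), and `base_len` is a hypothetical caller.

```c
#include <errno.h>
#include <limits.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/* Stand-in (assumption): like the documented basename(3), the result is copied
 * into a fixed PATH_MAX buffer, so an oversized last component yields NULL. */
static char *
bounded_basename(const char *path)
{
	static char bname[PATH_MAX];
	const char *endp, *startp;
	size_t len;

	if (path == NULL || *path == '\0')
		return strcpy(bname, ".");
	endp = path + strlen(path) - 1;
	while (endp > path && *endp == '/')		/* strip trailing slashes */
		endp--;
	startp = endp;
	while (startp > path && startp[-1] != '/')	/* start of last component */
		startp--;
	len = (size_t)(endp - startp) + 1;
	if (len >= sizeof(bname)) {
		errno = ENAMETOOLONG;
		return NULL;
	}
	memcpy(bname, startp, len);
	bname[len] = '\0';
	return bname;
}

/* Checked caller: 0 and the length in *out, or -1 when the name must be skipped. */
static int
base_len(const char *path, size_t *out)
{
	char *bn = bounded_basename(path);

	if (bn == NULL)
		return -1;	/* never hand NULL to strlen(3) */
	*out = strlen(bn);
	return 0;
}

int main(void) { size_t n; return base_len("a/b/pch.c", &n) == 0 && n == 5 ? 0 : 1; } /* constructed path */
```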