Control: tag -1 upstream patch Control: forwarded -1 https://savannah.gnu.org/bugs/index.php?54395
On Fri, 2018-07-27 at 15:31 +0200, Philipp Wolski wrote: > Package: make > Version: 4.2.1-1.1 > Severity: important > > Dear Maintainer, > > we are using dependency files when static linking .a file build with ar -U. > > I noticed that some libraries failed with "no rule to make target > xxx.a(yyy.o)" > which would change when I moved the o-files around within the lib. > > It did not happen with the upstream make-4.2.1 tar-ball > > By bisecting the patches applied I found a patch to arscan.c to be the > culprit. > > Around line 669 of the patched arscan.c file it reads: > > int name_off = atoi (name + 1); > if (name_off < 1 || name_off > ARNAME_MAX) > goto invalid; > > name = namemap + name_off; > > I recon name_off is a pointer index which is added to the namemap pointer. > In this case, the check for name length violation does/should not apply here, > or must > be safeguarded differently. > > Removing the if let us compile again. Sorry about this. You didn't give an example to reproduce this, but I was able to construct one. Please could you test that the attached patch also works for your real usage? I also uploaded a new source package with this patch to: https://people.debian.org/~benh/packages/make-dfsg_4.2.1-1.2.dsc Ben. -- Ben Hutchings Power corrupts. Absolute power is kind of neat. - John Lehman
signature.asc
Description: This is a digitally signed message part