Crazy shell code (e.g. libtool) can pass in a command pipeline as a path which exceeds the max path length the system can support (6000+ chars). This will fail in libc or the syscall but if we don't do something here, we'd segfault before it can do that. Leave path unchanged and let libc deal with it.
This was observed with segfaults in libfm:do_install after the libtool upgrade. It does depend on the length of the local build path too. Signed-off-by: Richard Purdie <[email protected]> --- pseudo_util.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/pseudo_util.c b/pseudo_util.c index b9de81e..0a89535 100644 --- a/pseudo_util.c +++ b/pseudo_util.c @@ -827,12 +827,21 @@ pseudo_fix_path(const char *base, const char *path, size_t rootlen, size_t basel return 0; } newpathlen = pseudo_path_max(); + pathlen = strlen(path); + /* Crazy shell code (e.g. libtool) can pass in a command pipeline as a path which exceeds the max path + * length the system can support (6000+ chars). This will fail in libc or the syscall but if we don't + * do something here, we'd segfault before it can do that. Leave path unchanged and let libc deal + * with it. + */ + if ((pathlen + baselen) >= newpathlen) { + return path; + } if (!pathbufs[pathbuf]) { pathbufs[pathbuf] = malloc(newpathlen); } newpath = pathbufs[pathbuf]; pathbuf = (pathbuf + 1) % PATHBUFS; - pathlen = strlen(path); + /* a trailing slash has special meaning, but processing * trailing slashes is expensive. */ -- 2.32.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#163508): https://lists.openembedded.org/g/openembedded-core/message/163508 Mute This Topic: https://lists.openembedded.org/mt/89928175/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
