On 14/10/16 01:57, Bruno Haible wrote:
> Hi,
>
> If pathconf (name, _PC_PATH_MAX) returns a PATH_MAX value > 2 GB,
> the readlink call in canonicalize-lgpl.c line 292 may return a length > 2 GB,
> therefore the implicit cast (assignment) to 'int' will produce a wrong value.
>
> If you agree with this patch, it'd be a good idea to propagate it into glibc
> (it's the file stdlib/canonicalize.c there).

There is a later cast to (long int) that would similarly truncate large values on LLP64 systems. How about something like this as well? @@ -311,7 +312,7 @@ __realpath (const char *name, char *resolved) } len = strlen (end); - if ((long int) (n + len) >= path_max) + if (SIZE_MAX - len <= n || path_max <= n + len) { freea (buf); __set_errno (ENAMETOOLONG); thanks, Pádraig
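
Review bot: The new condition 'SIZE_MAX - len <= n || path_max <= n + len' relies on implicit conversions between n, len and path_max, whose declarations are outside this hunk. The removed '(long int)' cast suggests path_max is a signed long; if so, 'path_max <= n + len' converts it to the unsigned type of the sum, which is only correct while path_max is non-negative, and 'SIZE_MAX - len <= n' likewise assumes n is non-negative at this point. A one-line comment stating those invariants, or an explicit cast of path_max to size_t, would make the intent clear to the next reader. SIZE_MAX also needs <stdint.h>; the hunk header shows the new file shifted by one line (311 to 312), so please confirm that the added line earlier in the file is that include.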