On 29 Mar 2026 at 13:20, Alyssa Ross via busybox wrote:
To: [email protected]
Subject: [PATCH] build system: fix potential buffer overflow
Date sent: Sun, 29 Mar 2026 13:20:36 +0200
From: Alyssa Ross via busybox <[email protected]>
Send reply to: Alyssa Ross <[email protected]>
> This could potentially write one byte past the end of line.
> Identified by fortify-headers.
> ---
> scripts/basic/split-include.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/scripts/basic/split-include.c b/scripts/basic/split-include.c
> index 6ef29195e..93011d511 100644
> --- a/scripts/basic/split-include.c
> +++ b/scripts/basic/split-include.c
> @@ -195,7 +195,7 @@ int main(int argc, const char * argv [])
> ERROR_EXIT( "find" );
>
> line[0] = '\n';
> - while (fgets(line+1, buffer_size, fp_find))
> + while (fgets(line+1, buffer_size-1, fp_find))
> {
> if (strstr(list_target, line) == NULL)
> {
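Review bot: In the changed fgets call, the new bound buffer_size-1 is only correct because the destination is line+1, and nothing at the call site ties the two together; the allocation of line is also not visible in this hunk. Consider a one-line comment above the loop saying that line[0] is reserved for the leading '\n', so the read is limited to the remaining buffer_size-1 bytes, and state in the commit message that line is buffer_size bytes long. That way a later change to the offset or the allocation does not silently bring the one-byte overrun back.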
> --
> 2.53.0
>
Question: I looked at the file and there are multiple fgets lines.
cat -n split-include.c | grep fgets
105 while (fgets(line, buffer_size, fp_config))
134 if (!fgets(old_line, buffer_size, fp_target) && ferror(fp_target))
189 * fgets gives the incoming names a terminating \n.
198 while (fgets(line+1, buffer_size, fp_find))
189 is part of a comment, but wouldn't the fix also apply to the other lines?
Thanks.
> _______________________________________________
> busybox mailing list
> [email protected]
> https://lists.busybox.net/mailman/listinfo/busybox
+------------------------------------------------------------+
Michael D. Setzer II - Computer Science Instructor (Retired)
mailto:[email protected]
mailto:[email protected]
mailto:[email protected]
Guam - Where America's Day Begins
G4L Disk Imaging Project maintainer
http://sourceforge.net/projects/g4l/
+------------------------------------------------------------+
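Added example, not part of the thread or of BusyBox: a small C program showing how the fgets bound interacts with the destination offset, which is what both the patch and the question above turn on. It assumes the destination buffer is buffer_size bytes long; guard_clobbered and GUARD are hypothetical names, and the extra guard byte sits inside the allocation so the one-byte overrun can be observed safely.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GUARD 0x7f  /* hypothetical sentinel value */

/* Calls fgets(buf + offset, bound, fp) on an over-long line. buf has
 * buffer_size usable bytes plus one guard byte inside the allocation, so
 * a write one past the usable end is observable without leaving it.
 * Returns 1 if the guard was overwritten, 0 if intact, -1 on setup error. */
int guard_clobbered(size_t buffer_size, size_t offset, int bound)
{
    char *buf = malloc(buffer_size + 1);
    FILE *fp = tmpfile();
    int hit = -1;
    size_t i;

    if (buf && fp) {
        memset(buf, 'x', buffer_size);
        buf[buffer_size] = GUARD;
        /* Constructed input: one line twice as long as the buffer. */
        for (i = 0; i < buffer_size * 2; i++)
            fputc('a', fp);
        fputc('\n', fp);
        rewind(fp);
        /* fgets stores at most bound-1 characters plus a NUL. */
        if (fgets(buf + offset, bound, fp))
            hit = (buf[buffer_size] != GUARD);
    }
    if (fp)
        fclose(fp);
    free(buf);
    return hit;
}

int main(void)
{
    printf("line+1, buffer_size   : %d\n", guard_clobbered(16, 1, 16));
    printf("line+1, buffer_size-1 : %d\n", guard_clobbered(16, 1, 15));
    printf("line,   buffer_size   : %d\n", guard_clobbered(16, 0, 16));
    return 0;
}
```

Only the first combination touches the guard byte: a read at offset 0 with bound buffer_size ends its NUL on the last usable byte, while the same bound at offset 1 ends one byte later.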