"Michael D. Setzer II via busybox" <[email protected]> writes:
> On 29 Mar 2026 at 13:20, Alyssa Ross via busybox wrote: > > To: [email protected] > Subject: [PATCH] build system: fix potential buffer overflow > Date sent: Sun, 29 Mar 2026 13:20:36 +0200 > From: Alyssa Ross via busybox <[email protected]> > Send reply to: Alyssa Ross <[email protected]> > >> This could potentially write one byte past the end of line. >> Identified by fortify-headers. >> --- >> scripts/basic/split-include.c | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> >> diff --git a/scripts/basic/split-include.c b/scripts/basic/split-include.c >> index 6ef29195e..93011d511 100644 >> --- a/scripts/basic/split-include.c >> +++ b/scripts/basic/split-include.c >> @@ -195,7 +195,7 @@ int main(int argc, const char * argv []) >> ERROR_EXIT( "find" ); >> >> line[0] = '\n'; >> - while (fgets(line+1, buffer_size, fp_find)) >> + while (fgets(line+1, buffer_size-1, fp_find)) >> { >> if (strstr(list_target, line) == NULL) >> { >> -- >> 2.53.0 >> > > Question: Looked at file and there are multiple fgets lines. > > cat -n split-include.c | grep fgets > 105 while (fgets(line, buffer_size, fp_config)) > 134 if (!fgets(old_line, buffer_size, fp_target) && > ferror(fp_target)) > 189 * fgets gives the incoming names a terminating \n. > 198 while (fgets(line+1, buffer_size, fp_find)) > > 189 is part of a comment, but wouldn't fix also apply to other lines? I don't think so… The other ones don't offset their buffer.
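Review bot: The buffer_size-1 passed to fgets(line+1, ...) in the loop at line 198 is correct only if line holds exactly buffer_size bytes, and neither the hunk nor the commit message ties those two facts together. A short comment at the call, saying that one byte is reserved for the leading '\n' stored in line[0], would make the reason for the -1 obvious to the next reader. It would also answer the question raised in this thread about the other fgets calls, which pass their buffer without an offset and so need no change. The commit message could say that the overflow comes from the +1 offset instead of only "could potentially write one byte past the end of line".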
_______________________________________________ busybox mailing list [email protected] https://lists.busybox.net/mailman/listinfo/busybox
