-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
> Thanks for the bug report; this also affects ffset. I've adapted > your patch slightly, using PATH_MAX instead of 256. This also > addresses the point you raise in your follow-up email about the > terminating null, since PATH_MAX includes that. It's incompatible > with the Hurd but the joystick tools are Linux-specific anyway... Great, thanks for the quick reaction. I don't see however how using PATH_MAX alone can fix the NULL issue. The user could still pass the program a filename longer than PATH_MAX (though it will not be a valid filename), in which case strncpy will overwrite the filename buffer with the first PATH_MAX characters of the user input. The buffer is now not NULL-terminated, which can lead to interesting behaviour in the following. Or do I miss anything? Also, PATH_MAX does not seem to always hold what it promises, see http://insanecoding.blogspot.de/2007/11/pathmax-simply-isnt.html Kind regards, Ralf -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJRhTMsAAoJEEAdTZ0mjB1Wn84H+gOdxo2A0uBSvdpWvyRd4Eot cJSh9M8ykYZcYlvWABPAdqqyf9xFiIjXOHrwYqHQ+rjauleIJLajpYanBlPJ/+kV +RgYa8u7l7SD1tBIDsBqiYMlJVIru4CeSHLaFtozXpOnDtmadI+hZeOg5MXF3HGD GQ9s0ZXPi58gcPaSZVnUnYL3lonRtUAfL65zc0VQJyLMvOmXEVFWa1uzJ5oZfCCT +zea/uadu4niBL1fvFAAAkfKRqOZb0BV2kIoGKzzLr7T4aWlNKvMgifW/nbo2XdI mNjAPI5HAHwnzfrBLJS5ss+Omtc+GopTY5O6JzzYnHjDabfojPpD3ky/6XS0tmk= =soQP -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
