Bug#942396: nsis: increase NSIS_MAX_STRLEN to 8192

Tue, 15 Oct 2019 09:30:29 -0700 

Package: nsis
Version: 3.04-1
Severity: normal

I recommend increasing NSIS_MAX_STRLEN to 8192 at compile time. Patch 
attached.

Using NSIS_MAX_STRLEN=8192 seems to be a common desire, since there are 
dedicated upstream builds with that option:
https://nsis.sourceforge.io/Special_Builds

So far we recompiled nsis with that large strings option, mainly to mitigate 
actually a serious problem with nsis: it is common procedure for an installer 
to append a string to the system's PATH variable, e.g.:

        ${EnvVarUpdate} $0 "PATH" "A" "HKLM" "$INSTDIR"

If however the PATH variable on the system is already very large (i.e. if the 
string in the current PATH variable exceeds the default nsis string length of 
1024), then nsis no longer appends to PATH; it then simply overwrites PATH 
(i.e. with $INSTDIR in this example), so all other directories previously 
contained in PATH are gone!

I must admit, I haven't checked whether this serious bug had already been 
fixed upstream. However increasing max. string size is still a good idea to 
prevent string manipulation issues in general.

-- System Information:
Debian Release: 10.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages nsis depends on:
ii  libc6        2.28-10
ii  libgcc1      1:8.3.0-6
ii  libstdc++6   8.3.0-6
ii  nsis-common  3.04-1
ii  zlib1g       1:1.2.11.dfsg-1

nsis recommends no packages.

Versions of packages nsis suggests:
ii  mingw-w64       6.0.0-3
pn  nsis-doc        <none>
pn  nsis-pluginapi  <none>
pn  wine            <none>

-- no debconf information
diff --git a/debian/rules b/debian/rules
index 993d404..ea3b2fd 100755
--- a/debian/rules
+++ b/debian/rules
@@ -53,7 +53,7 @@ SCONSHOSTFLAGS = APPEND_CCFLAGS="$(shell dpkg-buildflags --get CPPFLAGS) \
 SCONSOPTS = $(SCONSFLAGS) VERSION=$(VERSION) VER_MAJOR=$(VER_MAJOR) \
   VER_MINOR=$(VER_MINOR) VER_REVISION=$(VER_REVISION) \
   PREFIX=$(PREFIX) PREFIX_CONF=$(SYSCONF) CHMDOCS=0 \
-  STRIP_CP=no \
+  STRIP_CP=no NSIS_MAX_STRLEN=8192 \
   $(if $(findstring nostripfull,$(DEB_BUILD_OPTIONS)),STRIP_W32=no,)
 
 ifneq (,$(UNICODE),yes)

Reply via email to