On Wed, Jul 12, 2023 at 12:53:10PM +0200, Florian Obser wrote:
> So I was sufficiently bored during breakfast and decided to run afl
> against patch...
> 
> basename(3) can fail thusly:
> ERRORS
>      The following error codes may be set in errno:
> 
>      [ENAMETOOLONG]     The path component to be returned was larger than
>                         PATH_MAX.
> 
> and then strlen(3) segfaults.
> 
> OK?

ok

> (this is on top of tb's fix on bugs but should be independent and not
> cause conflicts.)

Go ahead. If it conflicts it's easy to redo anyway.

> 
> diff --git pch.c pch.c
> index 4ae5f363393..63543a609fb 100644
> --- pch.c
> +++ pch.c
> @@ -1422,7 +1422,7 @@ compare_names(const struct file_name *names, bool 
> assume_exists)
>  {
>       size_t min_components, min_baselen, min_len, tmp;
>       char *best = NULL;
> -     char *path;
> +     char *path, *bn;
>       int i;
>  
>       /*
> @@ -1443,7 +1443,10 @@ compare_names(const struct file_name *names, bool 
> assume_exists)
>                       min_components = tmp;
>                       best = path;
>               }
> -             if ((tmp = strlen(basename(path))) > min_baselen)
> +             bn = basename(path);
> +             if (bn == NULL)
> +                     continue;
> +             if ((tmp = strlen(bn)) > min_baselen)
>                       continue;
>               if (tmp < min_baselen) {
>                       min_baselen = tmp;
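
Review bot: the new `if (bn == NULL) continue;` in the second hunk sits after the `min_components = tmp; best = path;` block visible in the context lines just above it, so a path for which basename() fails can already have been recorded in `best` before it is skipped. If such a path should never be selected, call basename() and test for NULL before the component-count comparison. A one-line comment naming ENAMETOOLONG as the reason for the NULL check would also help, since the failure mode is not obvious from the call site.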
> 
> -- 
> In my defence, I have been left unsupervised.
> 
