[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Findutils-patches] [PATCH] ftsfind.c: avoid buffer overflow in -D c

From: Bernhard Voelker
Subject: Re: [Findutils-patches] [PATCH] ftsfind.c: avoid buffer overflow in -D code
Date: Mon, 9 Jul 2018 17:50:56 +0200
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.8.0

On 07/09/2018 05:23 PM, Jim Meyering wrote:
> On Mon, Jul 9, 2018 at 5:57 AM, Bernhard Voelker
> <address@hidden> wrote:
>> On 07/08/2018 06:19 AM, Jim Meyering wrote:
>>> On Sat, Jul 7, 2018 at 4:13 PM, Bernhard Voelker
>>> <address@hidden> wrote:
>>>> -  static char buf[10];
>>>> +  static char buf[14];
>>> Or maybe this, since you already use the intprops module, just add
>>> this somewhere prior: #include "intprops.h"
>>>   static char buf[1 + INT_BUFSIZE_BOUND (info) + 1];
>> Even better, thanks!
>> I wrapped that into the attached patch in your name ... pushing soon.
> Thanks. Actually, we must not rely on it being already available due
> to a transitive dependency.
> Instead, I suggest to make the dependency on this gnulib module
> explicit by adding its name to bootstrap.conf:

Good point.  This adds up to the attached.

Is there an automated check to avoid such transitive deps?

Thanks & have a nice day,

Attachment: 0001-maint-use-gnulib-s-intprops-module-to-avoid-magic-nu.v2.patch
Description: Text Data

reply via email to

[Prev in Thread] Current Thread [Next in Thread]