From c7344d33587bc5b781b958315c643284e2e9cf18 Mon Sep 17 00:00:00 2001
From: Bernhard Voelker <mail@bernhard-voelker.de>
Date: Sun, 8 Jul 2018 00:18:03 +0200
Subject: [PATCH 178/224] ftsfind.c: avoid buffer overflow in -D code
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Reported by GCC 8.1.1:
ftsfind.c: In function ‘get_fts_info_name’:
ftsfind.c:164:23: warning: ‘%d’ directive writing between 1 and 11 bytes into a region of size 9 [-Wformat-overflow=]
sprintf (buf, "[%d]", info);
^~
ftsfind.c:164:7: note: ‘sprintf’ output between 4 and 14 bytes into a destination of size 10
sprintf (buf, "[%d]", info);
^~~~~~~~~~~~~~~~~~~~~~~~~~~
* find/ftsfind.c (get_fts_info_name): Increase buffer from 10 to 14
to be able to hold the 11-char string representation of the %d format,
the surrounding '[' and ']', plus the terminating NUL character.
---
find/ftsfind.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/find/ftsfind.c b/find/ftsfind.c
index 607ea8d3..57804950 100644
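--- a/find/ftsfind.c
+++ b/find/ftsfind.c
@@ -143,7 +143,7 @@ static void init_mounted_dev_list (void);
 static const char *
 get_fts_info_name (int info)
 {
- static char buf[10];
+ static char buf[14];
 switch (info)
 {
 HANDLECASE(FTS_D);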
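Review bot: The new `static char buf[14];` hard-codes a size that is only sufficient while `int` is at most 32 bits, and nothing in the declaration says where 14 comes from. A comment such as `/* '[' + up to 11 chars for a 32-bit %d + ']' + NUL */` would record the arithmetic from the commit message next to the code. The `sprintf (buf, "[%d]", info);` call that GCC flagged is outside this hunk (the body of get_fts_info_name continues past it), so it presumably remains unbounded; `snprintf (buf, sizeof buf, "[%d]", info);` would keep the write inside the buffer even if the size assumption stops holding.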
--
2.19.1