Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Buffer overrun can happen in util.c #3200

Closed
yiyuaner opened this issue Jul 18, 2022 · 1 comment · Fixed by #3220
Closed

Buffer overrun can happen in util.c #3200

yiyuaner opened this issue Jul 18, 2022 · 1 comment · Fixed by #3220
Assignees
@embg
Labels
bug good first issue

Comments

@yiyuaner
Copy link
Contributor

In the file programs/util.c, the function mallocAndJoin2Dir has the following code:

static char* mallocAndJoin2Dir(const char *dir1, const char *dir2) {
    const size_t dir1Size = strlen(dir1);
    const size_t dir2Size = strlen(dir2);
    char *outDirBuffer;
    ...
    outDirBuffer = (char *) malloc(dir1Size + dir2Size + 2);
    ...
    buffer = outDirBuffer + dir1Size;
    trailingChar = *(buffer - 1);
}

When dir1Size=0 (i.e., dir1="" ), the buffer access *(buffer - 1) is out of bound.
@embg embg self-assigned this Jul 26, 2022
@terrelln terrelln assigned terrelln and embg and unassigned embg and terrelln Jul 26, 2022
@embg embg mentioned this issue Jul 29, 2022
Merged
@embg embg closed this as completed in #3220 Aug 1, 2022
@liu-yichen-github
Copy link

Can you provide an example that triggers this issue?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@embg embg

Labels
bug good first issue
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Disallow empty string as argument for --output-dir-flat and --output-dir-mirror embg/zstd
5 participants
@felixhandte @terrelln @embg @yiyuaner @liu-yichen-github