jimzah/zig
1
0
Fork 0
mirror of https://github.com/ziglang/zig.git synced 2024-11-28 16:12:33 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

std.os.execvpe: fix buffer overflow

Browse Source 
The NameTooLong check isn't taking the sentinel 0 into account which
would result in a buffer overflow on the stack.
This commit is contained in:
Jonathan Marler 2022-06-21 03:21:45 -06:00 committed by GitHub
parent 74ed7c1f09
commit ca98625789
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/std/os.zig
View File

@ -1821,11 +1821,11 @@ pub fn execvpeZ_expandArg0(
}; };
while (it.next()) |search_path| { while (it.next()) |search_path| {
if (path_buf.len < search_path.len + file_slice.len + 1) return error.NameTooLong; const path_len = search_path.len + file_slice.len + 1;
if (path_buf.len < path_len + 1) return error.NameTooLong;
mem.copy(u8, &path_buf, search_path); mem.copy(u8, &path_buf, search_path);
path_buf[search_path.len] = '/'; path_buf[search_path.len] = '/';
mem.copy(u8, path_buf[search_path.len + 1 ..], file_slice); mem.copy(u8, path_buf[search_path.len + 1 ..], file_slice);
const path_len = search_path.len + file_slice.len + 1;
path_buf[path_len] = 0; path_buf[path_len] = 0;
const full_path = path_buf[0..path_len :0].ptr; const full_path = path_buf[0..path_len :0].ptr;
switch (arg0_expand) { switch (arg0_expand) {