[COMMIT] fix buffer overrun in pdump_load()

Aidan Kehoe kehoea at parhasard.net
Wed Aug 22 11:15:55 EDT 2007


APPROVE COMMIT 

NOTE: This patch has been committed.

Thank you Nix! And sorry about the delay. 

See 

87y7r4lzwf.fsf at hades.wkstn.nix , also

http://calypso.tux.org/pipermail/xemacs-patches/2006-October/000017.html

for the rationalisation of this. 


src/ChangeLog addition:

2006-10-26  Nix  <nix at esperi.org.uk>

	* dumper.c (pdump_load): Statically allocate a large enough
	exe_path for all conceivable uses. Fixes a buffer overrun.
	* text.h (MAX_XETCHAR_SIZE): Define, for PATH_MAX_EXTERNAL.


XEmacs Trunk source patch:
Diff command:   cvs -q diff -u
Files affected: src/text.h
===================================================================
RCS src/dumper.c
===================================================================
RCS

Index: src/dumper.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/dumper.c,v
retrieving revision 1.35
diff -u -r1.35 dumper.c
--- src/dumper.c	2007/05/19 18:04:19	1.35
+++ src/dumper.c	2007/08/22 14:57:40
@@ -2659,7 +2659,7 @@
       wext_strcpy (exe_path, wexe);
     }
 #else /* !WIN32_NATIVE */
-  Wexttext *exe_path;
+  Wexttext exe_path[PATH_MAX_EXTERNAL];
   Wexttext *w;
   const Wexttext *dir, *p;
 
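Review bot: the new declaration `Wexttext exe_path[PATH_MAX_EXTERNAL];` depends on a constant that none of the hunks in this patch defines, and the `MAX_XETCHAR_SIZE` macro that the ChangeLog says exists "for PATH_MAX_EXTERNAL" is not used in any visible line, so the buffer size cannot be checked from the patch as posted. Please include the `PATH_MAX_EXTERNAL` definition in the patch, and add a comment at the declaration saying whether the value counts `Wexttext` elements or bytes and whether it includes the terminator.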
@@ -2693,8 +2693,7 @@
   if (p != dir)
     {
       /* invocation-name includes a directory component -- presumably it
-	 is relative to cwd, not $PATH */
-      exe_path = alloca_array (Wexttext, 1 + wext_strlen (dir));
+	 is relative to cwd, not $PATH. */
       wext_strcpy (exe_path, dir);
     }
   else
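Review bot: `wext_strcpy (exe_path, dir);` is still an unbounded copy, and with the `alloca_array` sizing removed nothing in this branch ties the length of `dir` to the size of `exe_path`. Per the comment, this path is taken when the invocation name carries a directory component, so the length is caller-supplied; compare `wext_strlen (dir)` against the array size before copying and fail cleanly when it does not fit, rather than relying on the buffer being large enough.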
@@ -2702,9 +2701,6 @@
       const Wexttext *path = wext_getenv ("PATH"); /* not egetenv --
 						     not yet init. */
       const Wexttext *name = p;
-      exe_path = alloca_array (Wexttext,
-			       10 + max (wext_strlen (name),
-					 wext_strlen (path)));
       for (;;)
 	{
 	  p = path;
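Review bot: the removed `alloca_array` call was the only place this branch sized `exe_path` from the lengths of `name` and `path`, and `path` comes straight from `wext_getenv ("PATH")`, which the user's environment controls. The body of the `for (;;)` loop is not shown in this hunk, so please confirm that each candidate (PATH component, separator, `name`, terminator) is length-checked against the fixed array before it is assembled, and that components which do not fit are skipped.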
Index: src/text.h
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/src/text.h,v
retrieving revision 1.29
diff -u -r1.29 text.h
--- src/text.h	2005/11/13 10:48:04	1.29
+++ src/text.h	2007/08/22 14:57:41
@@ -2988,6 +2988,7 @@
 /* Extra indirection needed in case of manifest constant as arg */
 #define WEXTSTRING_1(arg) L##arg
 #define WEXTSTRING(arg) WEXTSTRING_1(arg)
+#define MAX_XETCHAR_SIZE sizeof (WCHAR)
 #define wext_strlen wcslen
 #define wext_strcmp wcscmp
 #define wext_strncmp wcsncmp
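Review bot: `#define MAX_XETCHAR_SIZE sizeof (WCHAR)` is added without a comment, unlike the `WEXTSTRING_1` line above it, and the name alone does not say what it measures or where it is meant to be used. Add a one-line comment stating that it is the size of one external character and that it feeds `PATH_MAX_EXTERNAL`, as the ChangeLog describes; the same applies to the `sizeof (char)` definition in the `#else` branch.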
@@ -3013,6 +3014,7 @@
 #else
 #define WEXTTEXT_ZTERM_SIZE sizeof (char)
 #define WEXTSTRING(arg) arg
+#define MAX_XETCHAR_SIZE sizeof (char)
 #define wext_strlen strlen
 #define wext_strcmp strcmp
 #define wext_strncmp strncmp

-- 
On the quay of the little Black Sea port, where the rescued pair came once
more into contact with civilization, Dobrinton was bitten by a dog which was
assumed to be mad, though it may only have been indiscriminating. (Saki)