Re: Obscure overflow with very long path; completion

[Bart Schaefer <schaefer@xxxxxxxxxxxxxxxx>]

On May 6,  4:10am, Geoff Wing wrote:
} Subject: Re: Obscure overflow with very long path; completion
}
} These two in utils.c:
}    static char xbuf[PATH_MAX*2];
} and
}    char xbuf2[PATH_MAX*2], ...
} are insufficient because the path is over twice the allowed PATH_MAX
} (1024) on my machine.

Try this patch?

My fear is that this is going to lead to slowness such as that fixed by
the recent patches to the globbing code, but hopefully this isn't called
quite as often.

Index: Src/utils.c
===================================================================
retrieving revision 1.23
diff -c -r1.23 utils.c
--- Src/utils.c	14 Apr 2005 04:33:51 -0000	1.23
+++ Src/utils.c	7 May 2005 16:11:26 -0000
@@ -358,14 +358,19 @@
 	    *p = '\0';
 	    continue;
 	}
-	sprintf(xbuf2, "%s/%s", xbuf, *pp);
-	t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
+	if (ztrlen(xbuf) >= PATH_MAX-1 || ztrlen(*pp) >= PATH_MAX-1) {
+	  t0 = -1;
+	} else {
+	  sprintf(xbuf2, "%s/%s", xbuf, *pp);
+	  t0 = readlink(unmeta(xbuf2), xbuf3, PATH_MAX);
+	}
 	if (t0 == -1) {
 	    strcat(xbuf, "/");
 	    strcat(xbuf, *pp);
 	    zsfree(*pp);
 	} else {
-	    ret = 1;
+	    DPUTS(t0 == PATH_MAX, "BUG: overflow in readlink()");
+ 	    ret = 1;
 	    metafy(xbuf3, t0, META_NOALLOC);
 	    if (*xbuf3 == '/') {
 		strcpy(xbuf, "");