<<< Date Index >>>     <<< Thread Index >>>

crash in realpath()



Hi,

I got a bug report about mutt crashing in realpath():

https://bugzilla.redhat.com/show_bug.cgi?id=492861

It's caused by using buffer which is smaller than PATH_MAX bytes. When
compiled with FORTIFY_SOURCE, glibc will check the length in runtime
and abort even when the result fits in the smaller buffer.

This fixes the problem for me:

--- a/hcache.c  Sat Mar 28 22:37:22 2009 +0100
+++ b/hcache.c  Tue Mar 31 14:32:22 2009 +0200
@@ -836,7 +836,7 @@
    * to ensure equivalent paths share the hcache */
   if (stat (folder, &st) == 0)
   {
-    p = safe_malloc (_POSIX_PATH_MAX+1);
+    p = safe_malloc (PATH_MAX+1);
     if (!realpath (folder, p))
       mutt_str_replace (&p, folder);
   } else
diff -r be9fb07730c6 muttlib.c
--- a/muttlib.c Sat Mar 28 22:37:22 2009 +0100
+++ b/muttlib.c Tue Mar 31 14:32:22 2009 +0200
@@ -759,7 +759,7 @@
   char *p = s, *q = s;
   size_t len;
   url_scheme_t scheme;
-  char tmp[_POSIX_PATH_MAX];
+  char tmp[PATH_MAX];
 
   scheme = url_check_scheme (s);
 

-- 
Miroslav Lichvar