[llvm-bugs] [Bug 38116] New: overflow at realpath()
via llvm-bugs
llvm-bugs at lists.llvm.org
Tue Jul 10 02:09:56 PDT 2018
https://bugs.llvm.org/show_bug.cgi?id=38116
Bug ID: 38116
Summary: overflow at realpath()
Product: lld
Version: unspecified
Hardware: PC
OS: Linux
Status: NEW
Severity: normal
Priority: P
Component: All Bugs
Assignee: unassignedbugs at nondot.org
Reporter: mortalfw at gmail.com
CC: llvm-bugs at lists.llvm.org
File:
llvm-mirror/clang/blob/master/lib/Frontend/ModuleDependencyCollector.cpp#L108
i.e
if (!realpath(SrcPath.str().c_str(), CanonicalPath))
According to the documentation of realpath() the output buffer needs to be at
least of size PATH_MAX specifying output buffers large enough to handle the
maximum-size possible result from path manipulation functions. (In that
instance, buf's size comes from uv__fs_pathmax_size(). That function attempts
to use pathconf(path, _PC_PATH_MAX) as noted in the realpath(3) docs)
But over here uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is used.
Passing an inadequately-sized output buffer to a path manipulation function can
result in a buffer overflow. Such functions include realpath() readlink()
PathAppend() and others.
--
You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180710/c0970b05/attachment.html>
More information about the llvm-bugs
mailing list