[llvm-bugs] [Bug 38116] New: overflow at realpath()

via llvm-bugs llvm-bugs at lists.llvm.org
Tue Jul 10 02:09:56 PDT 2018


            Bug ID: 38116
           Summary: overflow at realpath()
           Product: lld
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P
         Component: All Bugs
          Assignee: unassignedbugs at nondot.org
          Reporter: mortalfw at gmail.com
                CC: llvm-bugs at lists.llvm.org


if (!realpath(SrcPath.str().c_str(), CanonicalPath))

According to the documentation of realpath() the output buffer needs to be at
least of size PATH_MAX specifying output buffers large enough to handle the
maximum-size possible result from path manipulation functions. (In that
instance, buf's size comes from uv__fs_pathmax_size(). That function attempts
to use pathconf(path, _PC_PATH_MAX) as noted in the realpath(3) docs)

But over here uv__fs_pathmax_size() nor pathconf(path, _PC_PATH_MAX) is used.

Passing an inadequately-sized output buffer to a path manipulation function can
result in a buffer overflow. Such functions include realpath() readlink()
PathAppend() and others.

You are receiving this mail because:
You are on the CC list for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/llvm-bugs/attachments/20180710/c0970b05/attachment.html>

More information about the llvm-bugs mailing list