Skip to content
Snippets Groups Projects
Commit 60e890e8 authored by deuce's avatar deuce
Browse files

Fix memory clobbering bug in _fullpath()... 

If part of the path were removed (ie: "//", "/./", or "/../"), it's possible
that the outer loop would extend past the string into uninitialized memory
where it could potentially corrupt things.

This was HIGHLY unlikely as it would stop at the first '/' and only corrupt
memory in the presence of the previously mentioned patterns.
parent e308b0b4
Branches
Tags
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 4 additions and 2 deletions
src/xpdev/dirwrap.c
+ 4
2
View file @ 60e890e8
......@@ -968,8 +968,8 @@ char * DLLCALL _fullpath(char *target, const char *path, size_t size) {
if(sb.st_mode&S_IFDIR)
strcat(target,"/"); */
for(;*out;out++) {
while(*out=='/') {
for(;*out;out++) {
while(*out=='/') {
if(*(out+1)=='/')
memmove(out,out+1,strlen(out));
else if(*(out+1)=='.' && (*(out+2)=='/' || *(out+2)==0))
......@@ -986,6 +986,8 @@ char * DLLCALL _fullpath(char *target, const char *path, size_t size) {
out++;
}
}
if (!*out)
break;
}
return(target);
}
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment