[tlbuild] Buffer overrun in dvi2tty (and lacheck)
Ken Brown
kbrow1i at gmail.com
Wed Jun 20 22:22:28 CEST 2012
On 6/20/2012 4:50 AM, Peter Breitenlohner wrote:
> Moreover, I would suggest
> to check all other occurences of malloc().
Hi Peter,
I assume you meant all other occurrences of strcpy and strcat. I agree
that this needs to be done For now, I'll just mention one other buffer
overrun that I stumbled across because another test failed when the file
name was too long:
lacheck uses a buffer of size 100 for returnval. Eventually
f_checkend(file_name) is called, which calls print_bad_match, which
calls eg_command, which calls, in effect, strcat(returnval, file_name),
which is bad if file_name is long.
I guess the solution is similar to the one you proposed for dvi2tty, in
which a big enough buffer is malloc'd for returnval, once file_name is
known.
I hope there aren't too many more of these overruns.
Ken
More information about the tlbuild
mailing list