From 13ecb7e5cf4ee769801e53d9df87141c6730e825 Mon Sep 17 00:00:00 2001
From: Eric Wong
Date: Sat, 3 Sep 2022 10:58:20 +0000
Subject: paranoid safety fix to clamp pathnames to PATH_MAX

While I doubt Ruby (nor Perl) would store pathnames longer than PATH_MAX by default, it's possible `eval' users to specify whatever path (and line number) they wish to use. Likely was the case with `# line $FILE' directives in Perl5 which prompted this clamping.
---
 ext/mwrap/mwrap.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/ext/mwrap/mwrap.c b/ext/mwrap/mwrap.c
index 90f560e..08761d6 100644
--- a/ext/mwrap/mwrap.c
+++ b/ext/mwrap/mwrap.c
@@ -470,6 +470,8 @@ static struct src_loc *update_stats_rcu_lock(size_t size, uintptr_t caller)
 /* avoid vsnprintf or anything which could call malloc here: */
 len = strlen(ptr);
+ if (len > PATH_MAX)
+ len = PATH_MAX;
 k = (void *)kbuf;
 k->total = size;
 dst = mempcpy(k->k, ptr, len);
-- 
cgit v1.2.3-24-ge0c7
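Review bot: The clamp at `if (len > PATH_MAX)` only makes the following `mempcpy(k->k, ptr, len)` safe if `kbuf` has room for PATH_MAX path bytes plus whatever is appended after them, and nothing in the hunk states that; the declaration of `kbuf` and the rest of update_stats_rcu_lock are outside the hunk. A comment above the check would record the invariant, e.g. `/* kbuf is sized for PATH_MAX path bytes; eval can supply longer names */`. The truncation keeps the leading bytes, so two over-long names that share their first PATH_MAX bytes would presumably be accounted under one key, which is worth mentioning in the same comment. If `strnlen` is available on the supported platforms, `len = strnlen(ptr, PATH_MAX);` expresses the same bound in one line, still without calling malloc, and avoids scanning the whole string.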