diff options
| author | Mikael Magnusson <mikachu@gmail.com> | 2026-05-08 15:12:57 +0200 |
|---|---|---|
| committer | Mikael Magnusson <mikachu@gmail.com> | 2026-05-25 07:05:09 +0200 |
| commit | 734a26d6ae88a436d477bf1855c90fcb4b581320 (patch) | |
| tree | 3021ffafe8173fd3e19258b0354fbdfc34dd65d3 /Completion/Unix/Command | |
| parent | 54593: fix two edge cases in join_strs (diff) | |
| download | zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar.gz zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar.bz2 zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar.lz zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar.xz zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.tar.zst zsh-734a26d6ae88a436d477bf1855c90fcb4b581320.zip | |
54594: fix two very similar coverity issues
Coverity CID 1255838 stack buffer overflow in execute()
Coverity CID 1255846 stack buffer overflow in findcmd()
This can be triggered by inserting long entries manually, then using
=foo expansion. Unfortunately, it is also possible to overflow buf by
importing a PATH entry that's over 4xPATH_MAX characters long.
There was also some related confusion about how long a path can be and
when/how to check the length of metafied strings, so fix all that up
too. Use MAXCMDLEN (which is PATH_MAX*4) for metafied strings, though
this is a little overkill, metafication can only double the length. We
do not at least need the +1 at the end. PATH_MAX includes the
terminating nul byte, so we make sure to not be off-by-one on our ztrlen
checks too.
The hunks in execute() are quite specific about the ztrlen length so it
can continue checking or return the correct error, while findcmd() just
relies on RET_IF_COM to work correctly instead.
Somewhat unrelated change that snuck in, return 127 when the command is
too long like the other exec failures, because I had to add a new
return anyway.
Diffstat (limited to 'Completion/Unix/Command')
0 files changed, 0 insertions, 0 deletions