| author | Mikael Magnusson <mikachu@gmail.com> | 2026-05-08 16:55:35 +0200 |
|---|---|---|
| committer | Mikael Magnusson <mikachu@gmail.com> | 2026-05-16 18:28:27 +0200 |
| commit | bb01ed6b9a140d889a65390ce20ee1070bd271f9 (patch) | |
| tree | 3368852c98b38bf28dd1b7781687b09739f098c1 /Src/exec.c | |
| parent | 54536: Coverity CID 1255827 Fix leak of prog in loadautofn() (diff) | |
54537: Coverity CID 1372427 buffer overrun in zexecve()
This one is probably harmless, it's in BSS and we're about to throw away
our entire address space. Ironically I think this change doesn't
actually fix the CID because it's complaining about the strcpy, but pth
will always fit in buf, the problem is pwd.
Diffstat (limited to 'Src/exec.c')
| -rw-r--r-- | Src/exec.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/Src/exec.c b/Src/exec.c index 675245cae..7ea669f35 100644 --- a/Src/exec.c +++ b/Src/exec.c @@ -504,7 +504,7 @@ static int zexecve(char *pth, char **argv, char **newenvp) { int eno; - static char buf[PATH_MAX * 2+1]; + static char buf[PATH_MAX * 2+2+1+1]; /* enough room if pwd fits in PATH_MAX */ char **eep; unmetafy(pth, NULL); @@ -516,7 +516,8 @@ zexecve(char *pth, char **argv, char **newenvp) if (*pth == '/') strcpy(buf + 2, pth); else - sprintf(buf + 2, "%s/%s", unmeta(pwd), pth); + /* not checking for truncation because what would we do? */ + snprintf(buf + 2, sizeof(buf) - 2, "%s/%s", unmeta(pwd), pth); zputenv(buf); #ifndef FD_CLOEXEC closedumps(); |
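Review bot: In the first hunk, the new size `PATH_MAX * 2+2+1+1` is a run of unnamed constants, and the comment only states the assumption about pwd. Judging from the second hunk, the terms look like the two bytes in front of `buf + 2`, the '/' separator from "%s/%s" and the terminating NUL; spelling that out in the comment (or writing the size as a sum of named parts) would keep the size in step with the format string if either changes later. The "if pwd fits in PATH_MAX" condition is not checked anywhere in the visible lines, so the comment should also say where that bound is expected to come from.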
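Review bot: In the second hunk, the `*pth == '/'` branch keeps `strcpy(buf + 2, pth)` while only the else branch gets a bound, and the commit message itself says the strcpy is what the CID complains about. Using the same `snprintf(buf + 2, sizeof(buf) - 2, ...)` form in both branches would enforce the bound uniformly and address the line the checker actually flags. On the new comment: the buffer goes straight to `zputenv(buf)`, so a truncated path would be exported without any signal; if that is accepted, the comment would be clearer stating that a shortened value is the accepted outcome than posing a question.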
