| www.delorie.com/archives/browse.cgi | search |
| Date: | Tue, 10 Jul 2001 15:10:18 +0300 (IDT) |
| From: | Eli Zaretskii <eliz AT is DOT elta DOT co DOT il> |
| X-Sender: | eliz AT is |
| To: | Martin Str|mberg <ams AT ludd DOT luth DOT se> |
| cc: | djgpp-workers AT delorie DOT com |
| Subject: | Re: glob buffer overflow fix |
| In-Reply-To: | <200107101137.NAA01123@father.ludd.luth.se> |
| Message-ID: | <Pine.SUN.3.91.1010710150040.20713A-100000@is> |
| MIME-Version: | 1.0 |
| Reply-To: | djgpp-workers AT delorie DOT com |
| Errors-To: | nobody AT delorie DOT com |
| X-Mailing-List: | djgpp-workers AT delorie DOT com |
| X-Unsubscribes-To: | listserv AT delorie DOT com |
On Tue, 10 Jul 2001, Martin Str|mberg wrote: > According to Mark E.: > > This patch adds buffer overflow checks to the output buffer. The idea is that > > a filename in the output buffer can't be valid and won't match if its size is > > greater or equal to 2000 bytes (or whatever impossible length). > > Any reason for not using MAXPATH (or PATH_MAX)? You cannot limit the buffer at PATH_MAX because the string crunched by glob can include wildcard characters. Consider this example: [abcdefghIJKLMNOP][xyzXYZ09876]*/[!-RSTUVrstuv_]*/*.[cShyl] etc., etc. So if you want a constant that is not entirely arbitrary, you need something like FILENAME_MAX * ((128 - 32 - 5)*1.5 + 2 + 1) (I probably didn't get that count entirely accurate), which is 10 times more than 2000.
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |