[paranoia-dev] Buffer bug in main.c
Jason
cdp at lunkwill.org
Thu Jun 28 16:25:31 PDT 2001
Starting at line 1081 of main.c:
char path[256];
char *post=strrchr(argv[optind+1],'/');
int pos=(post?post-argv[optind+1]+1:0);
char *file=argv[optind+1]+pos;
path[0]='\0';
if(pos)
strncat(path,argv[optind+1],pos>256?256:pos);
^
|
This line will overwrite the end of the buffer if you give a >=256 char
path. Gotta remember to leave an extra slot for the null.
-J
--- >8 ----
List archives: http://www.xiph.org/archives/
Paranoia homepage: http://www.xiph.org/paranoia/
To unsubscribe from this list, send mail to 'paranoia-dev-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Paranoia-dev
mailing list