Date: Thu, 10 Dec 2020 09:31:05 +0000 (UTC) From: =?UTF-8?Q?Stefan_E=c3=9fer?= <se@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r368503 - head/usr.sbin/crunch/crunchgen Message-ID: <202012100931.0BA9V5va083501@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: se Date: Thu Dec 10 09:31:05 2020 New Revision: 368503 URL: https://svnweb.freebsd.org/changeset/base/368503 Log: Lift scope of buf[] to make it extend to a potential access via *basename It can be assumed that the contents of the buffer was still allocated and valid at the point of the out-of-scope access, so there was no security issue in practice. Reported by: Coverity Scan CID 1437697 MFC after: 3 days Modified: head/usr.sbin/crunch/crunchgen/crunched_main.c Modified: head/usr.sbin/crunch/crunchgen/crunched_main.c ============================================================================== --- head/usr.sbin/crunch/crunchgen/crunched_main.c Thu Dec 10 09:30:09 2020 (r368502) +++ head/usr.sbin/crunch/crunchgen/crunched_main.c Thu Dec 10 09:31:05 2020 (r368503) @@ -114,6 +114,7 @@ main(int argc, char **argv, char **envp) { struct stub *ep = NULL; const char *basename = NULL; + char buf[MAXPATHLEN]; /* * Look at __progname first (this will be set if the crunched binary is @@ -141,7 +142,6 @@ main(int argc, char **argv, char **envp) * try AT_EXECPATH to get the actual binary that was executed. */ if (ep == NULL) { - char buf[MAXPATHLEN]; int error = elf_aux_info(AT_EXECPATH, &buf, sizeof(buf)); if (error == 0) {
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202012100931.0BA9V5va083501>