fix possible stack overflow in filename completion

2006-11-15 13:28:29 +00:00 · 2006-11-15 13:28:29 +00:00 · 71ac31fcdd
commit 71ac31fcdd
parent 7d29001f9d
2 changed files with 22 additions and 8 deletions
--- a/src/common/completion.c
+++ b/src/common/completion.c
@ -290,12 +290,18 @@ completion_list_add_filename (t_completion *completion)
 {
    char *path_d, *path_b, *p, *d_name;
    char *real_prefix, *prefix;
-    char buffer[PATH_MAX];
+    char *buffer;
+    int buffer_len;
    DIR *dp;
    struct dirent *entry;
    struct stat statbuf;
    char home[3] = { '~', DIR_SEPARATOR_CHAR, '\0' };
    
+    buffer_len = PATH_MAX;
+    buffer = (char *) malloc (buffer_len * sizeof (char));
+    if (!buffer)
+	return;
+    
    completion->add_space = 0;
    
    if ((strncmp (completion->base_word, home, 2) == 0) && getenv("HOME"))
@ -315,7 +321,7 @@ completion_list_add_filename (t_completion *completion)
 	prefix = strdup (DIR_SEPARATOR);
    }
 	
-    snprintf (buffer, sizeof(buffer), "%s", completion->base_word + strlen (prefix));
+    snprintf (buffer, buffer_len, "%s", completion->base_word + strlen (prefix));
    p = strrchr (buffer, DIR_SEPARATOR_CHAR);
    if (p)
    {
@ -341,12 +347,12 @@ completion_list_add_filename (t_completion *completion)
 		if (strcmp (entry->d_name, ".") == 0 || strcmp (entry->d_name, "..") == 0)
 		    continue;
 		
-		snprintf(buffer, sizeof(buffer), "%s%s%s", 
+		snprintf(buffer, buffer_len, "%s%s%s", 
 			 d_name, DIR_SEPARATOR, entry->d_name);
 		if (stat(buffer, &statbuf) == -1)
 		    continue;
 		
-		snprintf(buffer, sizeof(buffer), "%s%s%s%s%s%s",
+		snprintf(buffer, buffer_len, "%s%s%s%s%s%s",
 			 prefix, 
 			 ((strcmp(prefix, "") == 0)
 			  || strchr(prefix, DIR_SEPARATOR_CHAR)) ? "" : DIR_SEPARATOR, 
@ -365,6 +371,7 @@ completion_list_add_filename (t_completion *completion)
    free (real_prefix);
    free (path_d);
    free (path_b);
+    free (buffer);
 }

 /*
--- a/weechat/src/common/completion.c
+++ b/weechat/src/common/completion.c
@ -290,12 +290,18 @@ completion_list_add_filename (t_completion *completion)
 {
    char *path_d, *path_b, *p, *d_name;
    char *real_prefix, *prefix;
-    char buffer[PATH_MAX];
+    char *buffer;
+    int buffer_len;
    DIR *dp;
    struct dirent *entry;
    struct stat statbuf;
    char home[3] = { '~', DIR_SEPARATOR_CHAR, '\0' };
    
+    buffer_len = PATH_MAX;
+    buffer = (char *) malloc (buffer_len * sizeof (char));
+    if (!buffer)
+	return;
+    
    completion->add_space = 0;
    
    if ((strncmp (completion->base_word, home, 2) == 0) && getenv("HOME"))
@ -315,7 +321,7 @@ completion_list_add_filename (t_completion *completion)
 	prefix = strdup (DIR_SEPARATOR);
    }
 	
-    snprintf (buffer, sizeof(buffer), "%s", completion->base_word + strlen (prefix));
+    snprintf (buffer, buffer_len, "%s", completion->base_word + strlen (prefix));
    p = strrchr (buffer, DIR_SEPARATOR_CHAR);
    if (p)
    {
@ -341,12 +347,12 @@ completion_list_add_filename (t_completion *completion)
 		if (strcmp (entry->d_name, ".") == 0 || strcmp (entry->d_name, "..") == 0)
 		    continue;
 		
-		snprintf(buffer, sizeof(buffer), "%s%s%s", 
+		snprintf(buffer, buffer_len, "%s%s%s", 
 			 d_name, DIR_SEPARATOR, entry->d_name);
 		if (stat(buffer, &statbuf) == -1)
 		    continue;
 		
-		snprintf(buffer, sizeof(buffer), "%s%s%s%s%s%s",
+		snprintf(buffer, buffer_len, "%s%s%s%s%s%s",
 			 prefix, 
 			 ((strcmp(prefix, "") == 0)
 			  || strchr(prefix, DIR_SEPARATOR_CHAR)) ? "" : DIR_SEPARATOR, 
@ -365,6 +371,7 @@ completion_list_add_filename (t_completion *completion)
    free (real_prefix);
    free (path_d);
    free (path_b);
+    free (buffer);
 }

 /*