<html> <head> <base href="https://bugs.documentfoundation.org/"> </head> <body> <div> <a class="bz_bug_link bz_status_UNCONFIRMED " title="UNCONFIRMED - overflow at realpath()" href="https://bugs.documentfoundation.org/show_bug.cgi?id=118514#c4">Comment # 4</a> on <a class="bz_bug_link bz_status_UNCONFIRMED " title="UNCONFIRMED - overflow at realpath()" href="https://bugs.documentfoundation.org/show_bug.cgi?id=118514">bug 118514</a> from <a class="email" href="mailto:mishra.dhiraj95@gmail.com" title="Dhiraj <mishra.dhiraj95@gmail.com>"> Dhiraj</a> <pre>(In reply to Stephan Bergmann from <a href="show_bug.cgi?id=118514#c3">comment #3</a>) > (In reply to Dhiraj from <a href="show_bug.cgi?id=118514#c0">comment #0</a>) > > File: > > <a href="https://github.com/LibreOffice/core/blob/master/desktop/unx/source/start">https://github.com/LibreOffice/core/blob/master/desktop/unx/source/start</a>. > > c#L191 > > i.e., > > dummy = realpath(pPath, pRealPath); > > > This function does not protect against buffer overflows, and some > > implementations can overflow internally. > > > > Ensure that the destination buffer is at least of size MAXPATHLEN, andto > > protect against implementation problems, the input argument should also be > > checked to ensure it is no larger than MAXPATHLEN. > > What is MAXPATHLEN? What platform are you talking about? At least SUSv4 > doesn't have any such requirements on realpath(3), nor does it mention > MAXPATHLEN. > > > According to the documentation of realpath() the output buffer needs to be > > at least of size PATH_MAX specifying output buffers large enough to handle > > the maximum-size possible result from path manipulation functions. > > ...and pRealPath is of sufficient size, see > > char pRealPath[PATH_MAX]; > > a few lines further up. Or what am I missing? In FreeBSD libc</pre> </div> <hr> You are receiving this mail because: <ul> <li>You are the assignee for the bug.</li> </ul> </body> </html>