projects / p5sagit/p5-mst-13.2.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (parent: 83437be)
SECURITY FIX: Buffer overflow in gv_fetchfile()
Chip Salzenberg [Fri, 18 Apr 1997 00:00:00 +0000 (00:00 +0000)]
gv.c patch | blob | blame | history

diff --git a/gv.c b/gv.c
index 8bb1f10..90eee26 100644 (file)
--- a/gv.c
+++ b/gv.c
@@ -58,15 +58,24 @@ GV *
 gv_fetchfile(name)
 char *name;
 {
-    char tmpbuf[1200];
+    char smallbuf[256];
+    char *tmpbuf;
     STRLEN tmplen;
     GV *gv;
 
-    sprintf(tmpbuf, "_<%s", name);
-    tmplen = strlen(tmpbuf);
+    tmplen = strlen(name) + 2;
+    if (tmplen < sizeof smallbuf)
+       tmpbuf = smallbuf;
+    else
+       New(603, tmpbuf, tmplen + 1, char);
+    tmpbuf[0] = '_';
+    tmpbuf[1] = '<';
+    strcpy(tmpbuf + 2, name);
     gv = *(GV**)hv_fetch(defstash, tmpbuf, tmplen, TRUE);
     if (!isGV(gv))
        gv_init(gv, defstash, tmpbuf, tmplen, FALSE);
+    if (tmpbuf != smallbuf)
+       Safefree(tmpbuf);
     sv_setpv(GvSV(gv), name);
     if (*name == '/' && (instr(name, "/lib/") || instr(name, ".pm")))
        GvMULTI_on(gv);
Unnamed repository; edit this file to name it for gitweb.