authorDirk <doj@cubic.org>2016-02-11 18:48:13 +0000
committerAlan Coopersmith <alan.coopersmith@oracle.com>2018-03-24 00:48:01 -0700
commit0860822bb2a1bbc6e40758e2e6413181b26b6b04 (patch)
tree5add5dce985617ee39e0a6fa793dc529fef78a62
parent72cc0b7713b28ffd03271526c81d1ad9d2183a82 (diff)
downloadxorg-util-makedepend-0860822bb2a1bbc6e40758e2e6413181b26b6b04.tar.gz
missing bounds check in makedepend for file arguments
When assigning source code files from the command line to the fp pointer, no bounds check is done, and if more than MAXFILES file names are specified on the command line, memory will be overwritten out of bounds. https://bugs.freedesktop.org/show_bug.cgi?id=94099 Reviewed-by: Alan Coopersmith <alan.coopersmith@oracle.com> Tested-by: Alan Coopersmith <alan.coopersmith@oracle.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
-rw-r--r--main.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/main.c b/main.c
index e73cd8d..e5cb70c 100644
--- a/main.c
+++ b/main.c
@@ -232,6 +232,9 @@ main(int argc, char *argv[])
/* treat +thing as an option for C++ */
if (endmarker && **argv == '+')
continue;
+ if (fp >= filelist + MAXFILES) {
+ fatalerr("Too many source files. Limit is %i files.\n", MAXFILES);
+ }
*fp++ = argv[0];
continue;
}
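Review bot: The new guard `if (fp >= filelist + MAXFILES)` still allows the last slot of `filelist` to be filled, which is only safe if nothing later relies on a trailing NULL entry. The code that consumes `filelist` is outside this hunk, so this needs confirming: if the list is walked until a NULL pointer, exactly MAXFILES file names would leave it unterminated and the walk would read past the array, in which case the test should be `if (fp >= filelist + MAXFILES - 1)` with the limit in the message adjusted to match. The store `*fp++ = argv[0];` is also protected only because `fatalerr` is expected not to return; a comment such as `/* fatalerr() does not return */` inside the block would make that dependency explicit. The body of `main` begins and ends outside the hunk.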