Blob Blame Raw
diff -u -r recode-3.6.orig/src/common.h recode-3.6/src/common.h
--- recode-3.6.orig/src/common.h	2000-06-28 20:40:15.000000000 +0200
+++ recode-3.6/src/common.h	2017-10-03 13:52:09.904644383 +0200
@@ -56,13 +56,14 @@
 # define RETSIGTYPE void
 #endif
 
-#if DIFF_HASH
-# ifdef HAVE_LIMITS_H
-#  include <limits.h>
-# endif
-# ifndef CHAR_BIT
-#  define CHAR_BIT 8
-# endif
+#ifdef HAVE_LIMITS_H
+# include <limits.h>
+#endif
+#ifndef CHAR_BIT
+# define CHAR_BIT 8
+#endif
+#ifndef PATH_MAX
+# define PATH_MAX 4096
 #endif
 
 /* Some systems do not define EXIT_*, even with STDC_HEADERS.  */
diff -u -r recode-3.6.orig/src/main.c recode-3.6/src/main.c
--- recode-3.6.orig/src/main.c	2000-12-06 20:44:59.000000000 +0100
+++ recode-3.6/src/main.c	2017-10-03 14:32:51.274017940 +0200
@@ -847,7 +847,7 @@
 	  for (; optind < argc; optind++)
 	    {
 	      const char *input_name;
-	      char output_name[200]; /* FIXME: dangerous limit */
+	      char output_name[PATH_MAX];
 	      FILE *file;
 	      struct stat file_stat;
 	      struct utimbuf file_utime;
@@ -871,7 +871,12 @@
 
 		/* FIXME: Scott Schwartz <schwartz@bio.cse.psu.edu> writes:
 		   "There's no reason to think that that name is unique."  */
-
+        // To avoid overflows, the size of the array pointed by destination (output_name)
+        // shall be long enough to contain the same C string as source
+        // (including the terminating null character).
+        if (strlen(input_name) >= PATH_MAX) {
+            error (EXIT_FAILURE, 0, "input_name reach the PATH_MAX limit");
+        }
 		strcpy (output_name, input_name);
 #if DOSWIN_OR_OS2
 		for (cursor = output_name + strlen (output_name);