-
-
Notifications
You must be signed in to change notification settings - Fork 513
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[redbean] os.tmpname crashes redbean #1108
Comments
mrdomino
added a commit
to mrdomino/cosmopolitan
that referenced
this issue
May 18, 2024
At least on macOS, `strlen(getenv("TMPDIR"))` is 50. That's right, there was a buffer overflow.
mrdomino
added a commit
to mrdomino/cosmopolitan
that referenced
this issue
May 18, 2024
Now we actually do a bounds check, and the function fails if the $TMPDIR is too big.
mrdomino
added a commit
to mrdomino/cosmopolitan
that referenced
this issue
May 19, 2024
At least on macOS, `strlen(getenv("TMPDIR"))` is 50. We now allow a /tmp that takes up to 120 or so bytes to spell. Instead of overflowing, we do a bounds check and the function fails successfully on even longer /tmps. Fixes jart#1108 (os.tmpname crashes redbean)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Trying to use
os.tmpname
crashes redbean. I've been able to reproduce this in both Windows (native), Windows (WSL) and mac OS.This is a stack trace:
The text was updated successfully, but these errors were encountered: