mirrors/cosmopolitan
1
0
Fork 0
mirror of https://github.com/jart/cosmopolitan.git synced 2025-06-03 11:12:27 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Fix buffer overflow in os.tmpname (#1180)

Browse source 
At least on macOS, `strlen(getenv("TMPDIR"))` is 50. We now allow a /tmp
that takes up to 120 or so bytes to spell. Instead of overflowing, we do
a bounds check and the function fails successfully on even longer /tmps.

Fixes #1108 (os.tmpname crashes redbean)
This commit is contained in:
Jōshin 2024-05-20 00:46:27 -07:00 committed by GitHub
parent 4292348707
commit 65c9b28e99
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 6 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

2
third_party/lua/README.cosmo vendored
View file

@ -36,3 +36,5 @@ LOCAL MODIFICATIONS
Added Python-like printf modulus operator for strings.
Added Python-like printf multiply operator for strings.
Fixed a buffer overflow in os.tmpname