diff options
authorRich Felker <>2011-06-05 19:29:52 -0400
committerRich Felker <>2011-06-05 19:29:52 -0400
commit0dc99ac413d8bc054a2e95578475c7122455eee8 (patch)
parenta6c399cf62bbd88f0f0142fd3e9e1e72bd093bc3 (diff)
safety fix for glob's vla usage: disallow patterns longer than PATH_MAX
this actually inadvertently disallows some valid patterns with redundant / or * characters, but it's better than allowing unbounded vla allocation. eventually i'll write code to move the pattern to the stack and eliminate redundancy to ensure that it fits in PATH_MAX at the beginning of glob. this would also allow it to be modified in place for passing to fnmatch rather than copied at each level of recursion.
1 files changed, 2 insertions, 0 deletions
diff --git a/src/regex/glob.c b/src/regex/glob.c
index 9a70f0bc..67f84bcf 100644
--- a/src/regex/glob.c
+++ b/src/regex/glob.c
@@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err),
d = "";
+ if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
if (!errfunc) errfunc = ignore_err;
if (!(flags & GLOB_APPEND)) {