
Commit 332f02f

committed
Use FLEXIBLE_ARRAY_MEMBER in Windows-specific code.
Be a tad more paranoid about overlength input, too.
1 parent 82a532b commit 332f02f


1 file changed

+6
-6
lines changed


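--- a/src/port/dirmod.c
+++ b/src/port/dirmod.c
@@ -143,7 +143,7 @@ typedef struct
 WORD SubstituteNameLength;
 WORD PrintNameOffset;
 WORD PrintNameLength;
-WCHAR PathBuffer[1];
+WCHAR PathBuffer[FLEXIBLE_ARRAY_MEMBER];
 } REPARSE_JUNCTION_DATA_BUFFER;
 
 #define REPARSE_JUNCTION_DATA_BUFFER_HEADER_SIZE \
@@ -160,7 +160,7 @@ pgsymlink(const char *oldpath, const char *newpath)
 {
 HANDLE dirhandle;
 DWORD len;
-char buffer[MAX_PATH * sizeof(WCHAR) + sizeof(REPARSE_JUNCTION_DATA_BUFFER)];
+char buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)];
 char nativeTarget[MAX_PATH];
 char *p = nativeTarget;
 REPARSE_JUNCTION_DATA_BUFFER *reparseBuf = (REPARSE_JUNCTION_DATA_BUFFER *) buffer;
@@ -174,10 +174,10 @@ pgsymlink(const char *oldpath, const char *newpath)
 return -1;
 
 /* make sure we have an unparsed native win32 path */
-if (memcmp("\\??\\", oldpath, 4))
-sprintf(nativeTarget, "\\??\\%s", oldpath);
+if (memcmp("\\??\\", oldpath, 4) != 0)
+snprintf(nativeTarget, sizeof(nativeTarget), "\\??\\%s", oldpath);
 else
-strcpy(nativeTarget, oldpath);
+strlcpy(nativeTarget, oldpath, sizeof(nativeTarget));
 
 while ((p = strchr(p, '/')) != NULL)
 *p++ = '\\';
@@ -239,7 +239,7 @@ pgreadlink(const char *path, char *buf, size_t size)
 {
 DWORD attr;
 HANDLE h;
-char buffer[MAX_PATH * sizeof(WCHAR) + sizeof(REPARSE_JUNCTION_DATA_BUFFER)];
+char buffer[MAX_PATH * sizeof(WCHAR) + offsetof(REPARSE_JUNCTION_DATA_BUFFER, PathBuffer)];
 REPARSE_JUNCTION_DATA_BUFFER *reparseBuf = (REPARSE_JUNCTION_DATA_BUFFER *) buffer;
 DWORD len;
 int r;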
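Review bot: In the third hunk (pgsymlink, new lines 177-180) the `snprintf` and `strlcpy` calls stop `nativeTarget` from overflowing but silently truncate an overlength `oldpath`, so the code after the hunk would presumably go on to use a shortened target path instead of reporting failure. Neither return value is checked; a conservative length test such as `if (strlen(oldpath) + 4 >= sizeof(nativeTarget)) { errno = ENAMETOOLONG; return -1; }` would turn truncation into an error. It would sit best before the directory handle is opened, which happens outside the visible hunk, so that the early return does not leak the handle. Separately, `memcmp("\\??\\", oldpath, 4)` reads four bytes even when `oldpath` is shorter than that; `strncmp(oldpath, "\\??\\", 4) != 0` stops at the terminator.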
