Open Humm42 opened 2 years ago
To provide some additional information. The problem is the following code:
DWBhomedir
may exceed the 100 bytes buffer on its own and there is no bounds check. For example, on our Alpine Linux builders DWBhomedir
is: /builds/alpine/aports/community/plan9port/src/plan9port-d0d440860f2000a1560abb3f593cdc325fcead4c/
. On our builders, this causes a segfault as the buffer overflow is detected by -D_FORTIFY_SOURCE=2
(which we enable by default).
Troff uses fixed-size buffers (eg., src/cmd/troff/n1.c:229) for various strings (eg., src/cmd/troff/n1.c:249), causing buffer overflows with input data too long. In particular, DWBhomedir can exceed 100 bytes.
Such buffers should be (re)allocated dynamically.