REPLACEFILE buffer overflow

[sicklittlemonkey]

This is why strdup() is considered harmful!

      char *prodos_file_name = strdup(param->prodos_folder_path);
...
        strcat(prodos_file_name, "/");
      strcat(prodos_file_name, file_name);

Would submit a PR but not sure how you want to handle it. Other code in the project is very conservative with filename/path lengths, eg:

   char prodos_folder_path[1024];

Also worth keeping comments up to date - should be REPLACEFILE:

  /** ADDFILE <2mg_image_path> <target_folder_path> <file_path> **/
  if(!my_stricmp(argv[1],"REPLACEFILE") && argc == 5)
    {
      param->action = ACTION_REPLACE_FILE;

Cheers, Nick.

[mach-kernel]

Good find! I'd be happy to receive a PR if you have it or if you'd like I can fix it with the other bug that was opened. 😸

[sicklittlemonkey]

I don't have a PR ready, and my allotted retro time for today is done!

It took me longer than I'd like to admit to find this. In a VS debug build the error would appear on cleanup in free()ing code, so I spent a couple of hours understanding the code and tracking back - until I realized it wasn't a free problem at all, and the likeliest place for a buffer overflow was the latest changes.