From d0278ec97ffd252094cf56ea00e40b3c6f442a7a Mon Sep 17 00:00:00 2001
From: Andrew MacIntyre <andymac@bullseye.apana.org.au>
Date: Sun, 12 Dec 2004 08:28:11 +0000
Subject: OS/2 specific fixes related to SF bug # 1003471

---
 PC/os2emx/getpathp.c   | 13 ++++++++++++-
 PC/os2vacpp/getpathp.c | 11 +++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

(limited to 'PC')

diff --git a/PC/os2emx/getpathp.c b/PC/os2emx/getpathp.c
index 4a4c8939453..7bfd19e0ce3 100644
--- a/PC/os2emx/getpathp.c
+++ b/PC/os2emx/getpathp.c
@@ -132,7 +132,16 @@ ismodule(char *filename)
 	return 0;
 }
 
-/* guarantees buffer will never overflow MAXPATHLEN+1 bytes */
+/* Add a path component, by appending stuff to buffer.
+   buffer must have at least MAXPATHLEN + 1 bytes allocated, and contain a
+   NUL-terminated string with no more than MAXPATHLEN characters (not counting
+   the trailing NUL).  It's a fatal error if it contains a string longer than
+   that (callers must be careful!).  If these requirements are met, it's
+   guaranteed that buffer will still be a NUL-terminated string with no more
+   than MAXPATHLEN characters at exit.  If stuff is too long, only as much of
+   stuff as fits will be appended.
+*/
+
 static void
 join(char *buffer, char *stuff)
 {
@@ -144,6 +153,8 @@ join(char *buffer, char *stuff)
 		if (n > 0 && !is_sep(buffer[n-1]) && n < MAXPATHLEN)
 			buffer[n++] = SEP;
 	}
+	if (n > MAXPATHLEN)
+		Py_FatalError("buffer overflow in getpathp.c's joinpath()");
 	k = strlen(stuff);
 	if (n + k > MAXPATHLEN)
 		k = MAXPATHLEN - n;
diff --git a/PC/os2vacpp/getpathp.c b/PC/os2vacpp/getpathp.c
index 5860e752c35..607f2a192a5 100644
--- a/PC/os2vacpp/getpathp.c
+++ b/PC/os2vacpp/getpathp.c
@@ -83,6 +83,15 @@ exists(char *filename)
 }
 
 
+/* Add a path component, by appending stuff to buffer.
+   buffer must have at least MAXPATHLEN + 1 bytes allocated, and contain a
+   NUL-terminated string with no more than MAXPATHLEN characters (not counting
+   the trailing NUL).  It's a fatal error if it contains a string longer than
+   that (callers must be careful!).  If these requirements are met, it's
+   guaranteed that buffer will still be a NUL-terminated string with no more
+   than MAXPATHLEN characters at exit.  If stuff is too long, only as much of
+   stuff as fits will be appended.
+*/
 static void
 join(char *buffer, char *stuff)
 {
@@ -94,6 +103,8 @@ join(char *buffer, char *stuff)
 		if (n > 0 && !is_sep(buffer[n-1]) && n < MAXPATHLEN)
 			buffer[n++] = SEP;
 	}
+	if (n > MAXPATHLEN)
+		Py_FatalError("buffer overflow in getpathp.c's joinpath()");
 	k = strlen(stuff);
 	if (n + k > MAXPATHLEN)
 		k = MAXPATHLEN - n;
-- 
cgit v1.2.3-65-gdbad