Linux does not prevent a user from creating a lot of nested directories
with length of the absolute path of the deepest one exceeding PATH_MAX,
then chdir'ing into it, creating a file there and mmap'ing it. Since the
length of the prefix preceding the pathname in /proc/[pid]/maps is not
necessarily 80 (it's 73 on my machine), an overflow is possible.
* unwind.c (build_mmap_cache): Fix a possible buffer overflow.
struct mmap_cache_t *entry;
unsigned long start_addr, end_addr, mmap_offset;
char exec_bit;
- char binary_path[PATH_MAX];
+ char binary_path[sizeof(buffer)];
if (sscanf(buffer, "%lx-%lx %*c%*c%c%*c %lx %*x:%*x %*d %[^\n]",
&start_addr, &end_addr, &exec_bit,
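Review bot: sizing binary_path to sizeof(buffer) is a sound fix here, because the unbounded "%[^\n]" conversion can never store more characters than are present in buffer, so the destination is now guaranteed to be large enough regardless of where the pathname starts on the line; a maximum field width on that conversion (e.g. "%" followed by sizeof(buffer)-1 and "[^\n]") would make the bound explicit in the format string itself and survive a later change to the declaration. The hunk does not show how binary_path is used afterwards, so any consumer that still assumes the path fits in PATH_MAX (copying it into a PATH_MAX-sized field, for instance) would need the same review, since the commit message states the path can legitimately exceed PATH_MAX.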