# HG changeset patch
# User Eric Blake
# Date 1308776544 21600
# Node ID 94b3a0b47189dac72244ef3708bc69b917da93b6
# Parent 517a0b73b86b522b86c5fd28e1fcf672256a8434
maint.mk: add syntax-check to avoid char[PATH_MAX]

POSIX allows PATH_MAX to be undefined. And even if you use the gnulib pathmax module, where "pathmax.h" guarantees a definition, the definition might not be constant or might be so large as to be wasteful or cause stack overflows. PATH_MAX should only be used as a limit or hueristic, not an array size.

* top/maint.mk (sc_prohibit_path_max_array): New rule.

Signed-off-by: Eric Blake
diff --git a/ChangeLog b/ChangeLog
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2011-06-22 Eric Blake
+ maint.mk: add syntax-check to avoid char[PATH_MAX]
+ * top/maint.mk (sc_prohibit_path_max_array): New rule.
+
 stat: be robust to PATH_MAX definition
 * lib/stat.c (rpl_stat): Require reasonable PATH_MAX.
 * modules/stat (Depends-on): Add verify.
diff --git a/top/maint.mk b/top/maint.mk
--- a/top/maint.mk
+++ b/top/maint.mk
@@ -1106,6 +1106,7 @@
 # the other init.sh-using tests also get it right.
 _hv_file ?= $(srcdir)/tests/help-version
 _hv_regex_weak ?= ^ *\. .*/init\.sh"
+# Fix syntax-highlighters "
 _hv_regex_strong ?= ^ *\. "\$${srcdir=\.}/init\.sh"
 sc_cross_check_PATH_usage_in_tests:
 @if test -f $(_hv_file); then \
@@ -1133,6 +1134,14 @@
 halt='Use 0 or 1 for macro values' \
 $(_sc_search_regexp)
+# Even if you use pathmax.h to guarantee that PATH_MAX is defined, it might
+# not be constant. In general, use PATH_MAX as a limit, not an array
+# allocation bound.
+sc_prohibit_path_max_array:
+ @prohibit='\[PATH''_MAX' \
+ halt='Avoid arrays of size PATH_MAX' \
+ $(_sc_search_regexp)
+
 sc_vulnerable_makefile_CVE-2009-4029:
 @prohibit='perm -777 -exec chmod a\+rwx|chmod 777 \$$\(distdir\)' \
 in_files=$$(find $(srcdir) -name Makefile.in) \
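Review bot: The pattern in the new `sc_prohibit_path_max_array` rule, `\[PATH''_MAX`, only fires when PATH_MAX is the first token after the bracket. Declarations such as `char buf[1 + PATH_MAX]` or `char buf[ PATH_MAX]` therefore pass, and the oversized-stack-buffer risk the commit message describes goes unflagged for them. The rule also sets no file filter, so it may trip on prose such as the `char[PATH_MAX]` wording this commit adds to ChangeLog, depending on which files `_sc_search_regexp` searches (its definition is outside the hunk). Consider something like `@prohibit='\[[^]]*PATH''_MAX'` together with `in_vc_files='\.[ch]$$'`. A one-line comment such as `# The '' keeps this rule from matching its own text in maint.mk.` would also help, if that is indeed why the literal is split.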