From 626e39703e824fbdaf7e428ea61ac4c38fa36e9f Mon Sep 17 00:00:00 2001
From: psmith <psmith>
Date: Sun, 26 Feb 2012 21:34:51 +0000
Subject: [PATCH] Check for possible buffer overflow on very long filenames.
 Fixes Savannah bug #35525

---
 ChangeLog  | 5 +++++
 implicit.c | 7 +++++++
 2 files changed, 12 insertions(+)

diff --git a/ChangeLog b/ChangeLog
index ab8e97c..6d16854 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2012-02-26  Paul Smith  <psmith@gnu.org>
+
+	* implicit.c (pattern_search): Check the stem length to avoid
+	stack overflows in stem_str.  Fixes Savannah bug #35525.
+
 2012-02-03  Eli Zaretskii  <eliz@gnu.org>
 
 	* w32/subproc/sub_proc.c (proc_stdin_thread, proc_stdout_thread)
diff --git a/implicit.c b/implicit.c
index 96c7b2b..c5f7481 100644
--- a/implicit.c
+++ b/implicit.c
@@ -488,6 +488,13 @@ pattern_search (struct file *file, int archive,
               dir = pathdir;
             }
 
+          if (stemlen > GET_PATH_MAX)
+            {
+              DBS (DB_IMPLICIT, (_("Stem too long: `%.*s'.\n"),
+                                 (int) stemlen, stem));
+              continue;
+            }
+
           DBS (DB_IMPLICIT, (_("Trying pattern rule with stem `%.*s'.\n"),
                              (int) stemlen, stem));
 
-- 
2.11.4.GIT