From b3904e7dbb9e32e8820deed8281aff97c9d141ce Mon Sep 17 00:00:00 2001
From: Michael Santos <michael.santos@gmail.com>
Date: Fri, 1 Oct 2010 19:56:52 -0400
Subject: typer: prevent buffer overflows

---
 erts/etc/common/typer.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to 'erts/etc/common/typer.c')

diff --git a/erts/etc/common/typer.c b/erts/etc/common/typer.c
index c2567cb8b4..de48daf002 100644
--- a/erts/etc/common/typer.c
+++ b/erts/etc/common/typer.c
@@ -175,7 +175,7 @@ main(int argc, char** argv)
 static void
 push_words(char* src)
 {
-    char sbuf[1024];
+    char sbuf[MAXPATHLEN];
     char* dst;
 
     dst = sbuf;
@@ -307,7 +307,7 @@ error(char* format, ...)
     va_list ap;
     
     va_start(ap, format);
-    vsprintf(sbuf, format, ap);
+    erts_vsnprintf(sbuf, sizeof(sbuf), format, ap);
     va_end(ap);
     fprintf(stderr, "typer: %s\n", sbuf);
     exit(1);
@@ -336,6 +336,9 @@ get_default_emulator(char* progname)
     char sbuf[MAXPATHLEN];
     char* s;
 
+    if (strlen(progname) >= sizeof(sbuf))
+        return ERL_NAME;
+
     strcpy(sbuf, progname);
     for (s = sbuf+strlen(sbuf); s >= sbuf; s--) {
 	if (IS_DIRSEP(*s)) {
-- 
cgit v1.2.3