[ccache] orig_args->argv overrun in args.c:args_strip()

Tim Noell tnoell at lexmark.com
Wed Jul 20 16:32:36 GMT 2005


Hi ccache List:

First, thanks for a wonderful tool!

(Sorry if someone has already reported this ... I did a quick visual 
search of the mailing list archives and didn't see it ...)

I've started using the --ccache-skip flag to omit some project-specific 
paths from the hash, and found a problem in args.c:args_strip().  
Namely, the size of the memmove is argc, but this is incorrect - the 
number of argv entries to be moved is argc - i (enough to move all 
remaining args and the NULL termination arg).  As the code is, this bug 
causes an overflow in orig_args->argv when --ccache-skip is used.

Patch against 2.4 below.

Best Regards,
Tim Noell
Lexmark International, Inc.

% diff -Naurw ccache-2.4/args.c.r286 ccache-2.4/args.c
--- ccache-2.4/args.c.r286      2005-07-20 12:30:53.000000000 -0400
+++ ccache-2.4/args.c   2005-07-20 12:16:26.000000000 -0400
@@ -82,7 +82,7 @@
                        free(args->argv[i]);
                        memmove(&args->argv[i],
                                &args->argv[i+1],
-                               args->argc * sizeof(args->argv[i]));
+                               (args->argc - i) * sizeof(args->argv[i]));
                        args->argc--;
                } else {
                        i++;
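
Review bot: the new length on the memmove line, (args->argc - i), is correct only because args->argc is still the pre-removal count at that point and argv[argc] holds the NULL terminator, and nothing in the hunk records that dependency. The source range then runs from argv[i+1] through argv[argc], which is exactly the remaining arguments plus the terminator, whereas the old length of args->argc entries reached i slots past the end of the array for any i > 0. Since args->argc-- sits directly after the call, a later reordering of those two statements would quietly drop the terminator from the move. A one-line comment above the memmove, for example "argc - i entries: remaining args plus the NULL terminator, argc not yet decremented", would make that visible to the next person who touches this loop.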


