Follow-up Comment #1, bug #66147 (group screen): I can confirm that changing line 465 in attacher.c from:
strncpy(p, *av, MAXPATHLEN);
to:
strncpy(p, *av, ARRAY_SIZE(p) - 1);
...fixes this specfic crash on 5.0.0 clean build, with FORTIFY_SOURCE=3 build
flags still enabled.
There are many similar strncpy (and likely other) operations using #defined
MAX*** sizes that would also likely need to be changed to address similar
FORTIFY-induced buffer overruns in other parts of the code.
-Al C.
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?66147>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
signature.asc
Description: PGP signature
