by floating-io 326 days ago
Yeah, that is not a helpful attitude to take when it comes to this sort of thing. If nothing else, a super-long home path can crash your app and leave your user scratching their head. In other words, this is a bug (as is the fact that paths are not necessarily limited to 255 characters in the first place; see the PATH_MAX constant, I think it is?).

As to what could be accomplished with an overflow? I don't know; I'm not in security, and I don't sit around thinking of possible uses for various bugs when it comes to compromising systems.

Perhaps the most important thing to realize, though, is that you're distributing software publicly. Your security situation may not be the same as your user's security situation. Assumptions should not be made.

Something to keep in mind.


Thanks for the discussion. Fix is already committed.
As long as you’re fixing that bug, you should do it right. If the return value from snprintf is more than 256 but less than a few GB then you should malloc a buffer big enough to hold the string and then call snprintf again with the new buffer. Only if that or malloc fails would you print an error. (It’s really a shame that the C standard library requires so many extra steps to do things correctly; this ought to be way easier.)
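The two-pass snprintf pattern described in the comment above, as an added example (this is not code from the thread or from the project under discussion); format_path and long_home_result_len are hypothetical names, and the 1 GiB cap stands in for the "few GB" limit the comment mentions:

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper for this thread (not the project's code): format into a
 * 256-byte buffer first; if vsnprintf reports the result would not fit, malloc
 * exactly the needed size and format again. Caller free()s the result; NULL
 * means encoding error, absurd length, or malloc failure. */
static char *format_path(const char *fmt, ...)
{
    char small[256];
    va_list ap;
    va_start(ap, fmt);
    int needed = vsnprintf(small, sizeof small, fmt, ap);
    va_end(ap);
    if (needed < 0)
        return NULL;                       /* encoding error */
    size_t len = (size_t)needed + 1;       /* include the terminating NUL */
    if (len > (size_t)1 << 30)
        return NULL;                       /* refuse a multi-GB "path" */
    char *out = malloc(len);
    if (out == NULL)
        return NULL;
    if (len <= sizeof small) {             /* fit on the first pass: just copy */
        memcpy(out, small, len);
        return out;
    }
    va_start(ap, fmt);                     /* second pass into the right-sized buffer */
    int again = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    if (again < 0 || (size_t)again >= len) {
        free(out);                         /* should not happen; fail closed */
        return NULL;
    }
    return out;
}

/* Constructed check: a 599-byte $HOME, well past the 255-character assumption,
 * must come back intact rather than truncated or overflowing. */
static size_t long_home_result_len(void)
{
    char home[600];
    memset(home, 'a', sizeof home - 1);
    home[sizeof home - 1] = '\0';
    char *p = format_path("%s/.config/app", home);
    size_t n = p ? strlen(p) : 0;          /* expect 599 + 12 = 611 */
    free(p);
    return n;
}
```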
Not sure offhand how portable it is, but asprintf() handles automatic buffer allocation, thus not requiring any extra steps afaik.

It does exist on MacOS and Linux, at the very least.

Those are so unportable that I’d completely forgotten about them :)

But my man pages say that they exist on BSD in addition to GNU, so that’s pretty good these days. I say go for it.

No problem. =)