Merge pull request #516 from bjornfor/fix-dangling-pointer

wolfcw · web-flow · commit 7bfe6566b3a2 · 2025-09-27T11:47:48.000+02:00
Fix dangling pointer via ft_sem_t name field
diff --git a/src/libfaketime.c b/src/libfaketime.c
@@ -352,7 +352,7 @@ void *ft_dlvsym(void *handle, const char *symbol, const char *version, const cha
 
 
 typedef struct {
-  char *name;
+  char name[256];
 #if FT_SEMAPHORE_BACKEND == FT_POSIX
   sem_t *sem;
 #elif FT_SEMAPHORE_BACKEND == FT_SYSV
@@ -509,7 +509,8 @@ int ft_sem_create(char *name, ft_sem_t *ft_sem)
     return -1;
   }
 #endif
-  ft_sem->name = name;
+  strncpy(ft_sem->name, name, sizeof ft_sem->name - 1);
+  ft_sem->name[sizeof ft_sem->name - 1] = '\0';
   return 0;
 }
 
@@ -527,7 +528,8 @@ int ft_sem_open(char *name, ft_sem_t *ft_sem)
     return -1;
    }
 #endif
-  ft_sem->name = name;
+  strncpy(ft_sem->name, name, sizeof ft_sem->name - 1);
+  ft_sem->name[sizeof ft_sem->name - 1] = '\0';
   return 0;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -352,7 +352,7 @@ void ft_dlvsym(void handle, const char symbol, const char version, const cha`
`352`	`352`
`353`	`353`
`354`	`354`	`typedef struct {`
`355`		`- char *name;`
	`355`	`+ char name[256];`
`356`	`356`	`#if FT_SEMAPHORE_BACKEND == FT_POSIX`
`357`	`357`	`sem_t *sem;`
`358`	`358`	`#elif FT_SEMAPHORE_BACKEND == FT_SYSV`
`@@ -509,7 +509,8 @@ int ft_sem_create(char name, ft_sem_t ft_sem)`
`509`	`509`	`return -1;`
`510`	`510`	`}`
`511`	`511`	`#endif`
`512`		`- ft_sem->name = name;`
	`512`	`+ strncpy(ft_sem->name, name, sizeof ft_sem->name - 1);`
	`513`	`+ ft_sem->name[sizeof ft_sem->name - 1] = '\0';`
`513`	`514`	`return 0;`
`514`	`515`	`}`
`515`	`516`
`@@ -527,7 +528,8 @@ int ft_sem_open(char name, ft_sem_t ft_sem)`
`527`	`528`	`return -1;`
`528`	`529`	`}`
`529`	`530`	`#endif`
`530`		`- ft_sem->name = name;`
	`531`	`+ strncpy(ft_sem->name, name, sizeof ft_sem->name - 1);`
	`532`	`+ ft_sem->name[sizeof ft_sem->name - 1] = '\0';`
`531`	`533`	`return 0;`
`532`	`534`	`}`
`533`	`535`