From ba5d5357d5dc2a9aee7fea5a9cd1e3e1684498c8 Mon Sep 17 00:00:00 2001
From: Simon Rose <simon.rose@ess.eu>
Date: Thu, 28 Oct 2021 17:21:06 +0200
Subject: [PATCH] Ensure that we do not write OSI_PATH_SEPARATOR past the end
 of our buffer

---
 require-ess/src/require.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/require-ess/src/require.c b/require-ess/src/require.c
index f35ef676..21cb4ad4 100644
--- a/require-ess/src/require.c
+++ b/require-ess/src/require.c
@@ -354,20 +354,21 @@ void pathAdd(const char *varname, const char *dirname)
 char *realpathSeparator(const char *location)
 {
     size_t ll;
-    char *loc = realpath(location, NULL);
-    if (!loc)
+    char *buffer = malloc(PATH_MAX + strlen(OSI_PATH_SEPARATOR));
+    buffer = realpath(location, buffer);
+    if (!buffer)
     {
         if (requireDebug)
             printf("require: realpath(%s) failed\n", location);
         return NULL;
     }
-    ll = strlen(loc);
+    ll = strlen(buffer);
     /* linux realpath removes trailing slash */
-    if (loc[ll - strlen(OSI_PATH_SEPARATOR)] != OSI_PATH_SEPARATOR[0])
+    if (buffer[ll - strlen(OSI_PATH_SEPARATOR)] != OSI_PATH_SEPARATOR[0])
     {
-        strcpy(loc + ll + 1 - strlen(OSI_PATH_SEPARATOR), OSI_PATH_SEPARATOR);
+        strcpy(buffer + ll + 1 - strlen(OSI_PATH_SEPARATOR), OSI_PATH_SEPARATOR);
     }
-    return loc;
+    return buffer;
 }
 
 static int setupDbPath(const char *module, const char *dbdir)
@@ -554,8 +555,7 @@ void registerModule(const char *module, const char *version, const char *locatio
     strcpy(m->content + lm, version);
     strcpy(m->content + lm + lv, abslocation ? abslocation : "");
 
-    if (abslocation != location)
-        free(abslocation);
+    free(abslocation);
     for (pm = &loadedModules; *pm != NULL; pm = &(*pm)->next)
         ;
     *pm = m;
-- 
GitLab