From e88597fd8f6e89c3e210ae36ba04e3ef442dab81 Mon Sep 17 00:00:00 2001 From: Kevin Day Date: Sun, 16 Apr 2023 18:37:18 -0500 Subject: [PATCH] Security: fake_build_arguments_standard_add() is treating static path the same as shared. The size calculation is only using the shared size. Then a static string of a potentially different size is being used. --- level_3/fake/c/private-build.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/level_3/fake/c/private-build.c b/level_3/fake/c/private-build.c index ff4a0f3..d09d700 100644 --- a/level_3/fake/c/private-build.c +++ b/level_3/fake/c/private-build.c @@ -29,7 +29,7 @@ const f_string_static_t fake_build_documentation_files_s = macro_f_string_static if (F_status_is_error(*status)) return; { - f_array_length_t build_libraries_length = fake_build_parameter_library_link_path_s.used + data->path_build_libraries_shared.used; + f_array_length_t build_libraries_length = fake_build_parameter_library_link_path_s.used + (is_shared ? data->path_build_libraries_shared.used : data->path_build_libraries_static.used); f_char_t build_libraries[build_libraries_length + 1]; build_libraries[build_libraries_length] = 0; -- 1.8.3.1