1 files changed, 27 insertions, 0 deletions

diff --git a/main/dev86/dev86-print-overflow.patch b/main/dev86/dev86-print-overflow.patch
new file mode 100644
index 00000000000..c75e18c9bbf
--- /dev/null
+++ b/main/dev86/dev86-print-overflow.patch
@@ -0,0 +1,27 @@
+From: Lubomir Rintel <lkundrak@v3.sk>
+
+There are off-by-one errors when filling the ar headers, the trailing nul
+would overflow the target buffer.
+
+diff -urp dev86-0.16.17/ld/mkar.c dev86-0.16.17.fixed/ld/mkar.c
+--- dev86-0.16.17/ld/mkar.c	2004-06-20 09:23:27.000000000 +0200
++++ dev86-0.16.17.fixed/ld/mkar.c	2010-03-29 23:34:30.351426404 +0200
+@@ -51,12 +51,12 @@ char buf[128];
+       memset(&arbuf, ' ', sizeof(arbuf));
+       strcpy(buf, ptr); strcat(buf, "/                 ");
+       strncpy(arbuf.ar_name, buf, sizeof(arbuf.ar_name));
+-      
+-      sprintf(arbuf.ar_date, "%-12ld", (long)st.st_mtime);
+-      sprintf(arbuf.ar_uid, "%-6d",    (int)(st.st_uid%1000000L));
+-      sprintf(arbuf.ar_gid, "%-6d",    (int)(st.st_gid%1000000L));
+-      sprintf(arbuf.ar_mode, "%-8lo",  (long)st.st_mode);
+-      sprintf(arbuf.ar_size, "%-10ld", (long)st.st_size);
++     
++      snprintf(arbuf.ar_date, 12, "%-12ld", (long)st.st_mtime);
++      snprintf(arbuf.ar_uid, 6, "%-6d", (int)(st.st_uid%1000000L));
++      snprintf(arbuf.ar_gid, 6, "%-6d", (int)(st.st_gid%1000000L));
++      snprintf(arbuf.ar_mode, 8, "%-8lo", (long)st.st_mode);
++      snprintf(arbuf.ar_size, 10, "%-10ld", (long)st.st_size);
+       memcpy(arbuf.ar_fmag, ARFMAG, sizeof(arbuf.ar_fmag));
+ 
+       if( fwrite(&arbuf, 1, sizeof(arbuf), fd) != sizeof(arbuf) )