From 05dab02722b7df3f1f231884e5f58cc7be969b75 Mon Sep 17 00:00:00 2001
From: Ryan Long
Date: Mon, 17 May 2021 16:58:14 -0400
Subject: rtems-bin2c.c: Check length of buffer to be copied
CID 1063892: Copy into fixed size buffer in process().
Closes #4424
---
 misc/bin2c/rtems-bin2c.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)
diff --git a/misc/bin2c/rtems-bin2c.c b/misc/bin2c/rtems-bin2c.c
index 8e32d25..462ecf0 100644
--- a/misc/bin2c/rtems-bin2c.c
+++ b/misc/bin2c/rtems-bin2c.c
@@ -141,6 +141,19 @@ void process(const char *ifname, const char *ofname, const char *forced_name)
 char *ifbasename;
 ifbasename = basename(ifbasename_to_free);
+ /* Ensure length of ifbasename is shorter than length of buf */
+ if (strlen(ifbasename) > PATH_MAX+1) {
+ fprintf(
+ stderr,
+ "error: Base name of %s is too long.\n",
+ ifbasename
+ );
+ fclose(ifile);
+ if ( createC ) { fclose(ocfile); }
+ if ( createH ) { fclose(ohfile); }
+ exit(1);
+ }
+
 strcpy(buf, ifbasename);
 sanitize_file_name(buf);
--
cgit v1.2.3
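Review bot: The added guard `strlen(ifbasename) > PATH_MAX+1` looks too loose for the `strcpy(buf, ifbasename)` that follows it. The declaration of `buf` is outside the hunk, but unless it holds at least PATH_MAX+2 bytes, a base name of exactly PATH_MAX+1 characters passes the check and strcpy still writes past the end once the terminator is counted. Tying the bound to the destination, `if (strlen(ifbasename) >= sizeof(buf)) {`, removes the dependence on a hand-computed constant, assuming `buf` is a char array local to process() and not a pointer. The comment above the check could then read `/* ifbasename plus its NUL terminator must fit in buf */`. The body of process() begins and ends outside this hunk, so the size of `buf` should be confirmed against its declaration.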