diff --git a/compositor/main.c b/compositor/main.c index 080aa61c..2aa4936e 100644 --- a/compositor/main.c +++ b/compositor/main.c @@ -766,19 +766,28 @@ wet_load_module(const char *name, const char *entrypoint) const char *builddir = getenv("WESTON_BUILD_DIR"); char path[PATH_MAX]; void *module, *init; + size_t len; if (name == NULL) return NULL; if (name[0] != '/') { if (builddir) - snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); + len = snprintf(path, sizeof path, "%s/.libs/%s", builddir, + name); else - snprintf(path, sizeof path, "%s/%s", MODULEDIR, name); + len = snprintf(path, sizeof path, "%s/%s", MODULEDIR, + name); } else { - snprintf(path, sizeof path, "%s", name); + len = snprintf(path, sizeof path, "%s", name); } + /* snprintf returns the length of the string it would've written, + * _excluding_ the NUL byte. So even being equal to the size of + * our buffer is an error here. */ + if (len >= sizeof path) + return NULL; + module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); if (module) { weston_log("Module '%s' already loaded\n", path); diff --git a/libweston/compositor.c b/libweston/compositor.c index ee0a007f..64578584 100644 --- a/libweston/compositor.c +++ b/libweston/compositor.c @@ -5225,19 +5225,28 @@ weston_load_module(const char *name, const char *entrypoint) const char *builddir = getenv("WESTON_BUILD_DIR"); char path[PATH_MAX]; void *module, *init; + size_t len; if (name == NULL) return NULL; if (name[0] != '/') { if (builddir) - snprintf(path, sizeof path, "%s/.libs/%s", builddir, name); + len = snprintf(path, sizeof path, "%s/.libs/%s", + builddir, name); else - snprintf(path, sizeof path, "%s/%s", LIBWESTON_MODULEDIR, name); + len = snprintf(path, sizeof path, "%s/%s", + LIBWESTON_MODULEDIR, name); } else { - snprintf(path, sizeof path, "%s", name); + len = snprintf(path, sizeof path, "%s", name); } + /* snprintf returns the length of the string it would've written, + * _excluding_ the NUL byte. So even being equal to the size of + * our buffer is an error here. */ + if (len >= sizeof path) + return NULL; + module = dlopen(path, RTLD_NOW | RTLD_NOLOAD); if (module) { weston_log("Module '%s' already loaded\n", path);