From Bugzilla Helper:
User-Agent: Mozilla/4.6 [en-gb]C-CCK-MCD NetscapeOnline.co.uk (Win98; I)

Description of problem:
Hello there,
I have just tried to compile mc-4.5.55-12 from Redhat 8.0. Here are some of the messages the compiler produces:

cc: Info: cpio.c, line 303: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)
cc: Info: cpio.c, line 351: In this statement, an array is being accessed outside the bounds specified for the array type. (subscrbounds)

Here is an untested patch to shut up the compiler.

./vfs/cpio.c.old ./vfs/cpio.c *** ./vfs/cpio.c.old Thu Dec 19 20:19:28 2002 --- ./vfs/cpio.c Thu Dec 19 20:33:32 2002 *************** *** 293,299 **** { struct new_cpio_header hd; struct stat stat; ! char *buf[HEAD_LENGTH + 1]; int len; char *name; --- 293,299 ---- { struct new_cpio_header hd; struct stat stat; ! char *buf[HEAD_LENGTH + 2]; int len; char *name; *************** *** 341,347 **** { struct new_cpio_header hd; struct stat stat; ! char buf[HEAD_LENGTH + 1]; int len; char *name;

Version-Release number of selected component (if applicable):

How reproducible: Always

Steps to Reproduce:
1. compile with any C compiler that checks array indices, for example Compaq C.
2.
3.

Additional info:
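Review bot: in the first hunk (293,299) the declaration is still an array of pointers, `char *buf[HEAD_LENGTH + 2]`, while the otherwise identical declaration in the second hunk is `char buf[...]`. If this buffer holds header bytes like the other one does, the element type looks wrong and should be `char`; changing only the length leaves that mismatch in place. The statement at cpio.c line 303 that the compiler flags is outside the hunk, so please include it so the index it uses can be checked against the declared size.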
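Review bot: in the second hunk (341,347) the buffer grows from `HEAD_LENGTH + 1` to `HEAD_LENGTH + 2`, but the access at cpio.c line 351 that triggers the subscrbounds diagnostic is not part of the change. Growing the array by one element silences the compiler without showing that the index itself is right, and the patch is described as untested. Prefer correcting the subscript in the flagged statement, or bounding it with `sizeof(buf)`, and extend the hunk to cover that line so the fix can be verified.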
Fixed in 4.6.0, as well as many other possible buffer overflows.
The problem is not the buffer length but the incorrect indexing used in the assignments. Also in the first example a handle instead of a pointer is used. Verified that this is fixed in 4.6.0. Closing CURRENTRELEASE.