safety fix for glob's vla usage: disallow patterns longer than PATH_MAX

[musl] / src / regex / glob.c

diff --git a/src/regex/glob.c b/src/regex/glob.c
index 9a70f0b..67f84bc 100644 (file)
--- a/src/regex/glob.c
+++ b/src/regex/glob.c
@@ -171,6 +171,8 @@ int glob(const char *pat, int flags, int (*errfunc)(const char *path, int err),
                d = "";
        }
 
+       if (strlen(p) > PATH_MAX) return GLOB_NOSPACE;
+
        if (!errfunc) errfunc = ignore_err;
 
        if (!(flags & GLOB_APPEND)) {