From 5ae02ff8c10e611aca7d5c6f60d3461aa0746694 Mon Sep 17 00:00:00 2001
From: Paul Smith
Date: Tue, 3 Jan 2023 02:14:24 -0500
Subject: [SV 63609] Avoid buffer overrun in --warn-undefined-variables

Reported by Dmitry Goncharov

* src/variable.c (struct defined_vars): Create a struct that holds the name and length of each variable name.
(warn_undefined): Check the lengths before comparing the contents.
* tests/scripts/options/warn-undefined-variables: Add a test.
---
 tests/scripts/options/warn-undefined-variables | 11 +++++++++++
 1 file changed, 11 insertions(+) (limited to 'tests')

diff --git a/tests/scripts/options/warn-undefined-variables b/tests/scripts/options/warn-undefined-variables
index 9bd40865..d9653d2c 100644
--- a/tests/scripts/options/warn-undefined-variables
+++ b/tests/scripts/options/warn-undefined-variables
@@ -35,4 +35,15 @@ run_make_test(undef, '--warn-undefined-variables',
 #MAKEFILE#:9: warning: undefined variable 'UNDEFINED'
 ref");
 
+# sv 63609.
+# Test for buffer overrun in warn_undefined.
+run_make_test(q!
+all:;
+X := $(averyveryverylongvariablename)
+!,
+ '--warn-undefined-variables',
+ "#MAKEFILE#:3: warning: undefined variable 'averyveryverylongvariablename'
+#MAKE#: 'all' is up to date.\n"
+);
+
 1;
-- 
cgit v1.2.1
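Review bot: The added `run_make_test` case checks only make's printed output, so it catches a regression only if the overrun crashes make or changes the warning text. If the overrun is an out-of-bounds read during the name comparison, as the commit message suggests, the output is probably the same before and after the fix. I would say so in the test comment, e.g. `# The overrun may not change the output; run under a memory checker (valgrind or ASan) to catch a regression.` The case also uses only a name longer than the ones it is compared against. Since src/variable.c is not shown in this view, I can only suggest that a second case, using an undefined name that is a strict prefix of one of the names `warn_undefined` treats as defined, would exercise the other side of the new length check.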