From: Apple <opensource@apple.com>
Date: Wed, 9 Dec 2015 05:19:28 +0000 (+0000)
Subject: dyld-360.18.tar.gz
X-Git-Tag: os-x-10112^0
X-Git-Url: https://git.saurik.com/apple/dyld.git/commitdiff_plain/4a1021af038d99f6d416c0003e1a3f2c6027faac?ds=inline

dyld-360.18.tar.gz
---

diff --git a/src/dyld.cpp b/src/dyld.cpp
index 648b887..19166c5 100644
--- a/src/dyld.cpp
+++ b/src/dyld.cpp
@@ -1618,12 +1618,15 @@ static void checkLoadCommandEnvironmentVariables()
 						if ( strncmp(&equals[-5], "_PATH", 5) == 0 ) {
 							const char* value = &equals[1];
 							const size_t keyLen = equals-keyEqualsValue;
-							char key[keyLen+1];
-							strncpy(key, keyEqualsValue, keyLen);
-							key[keyLen] = '\0';
-							//dyld::log("processing: %s\n", keyEqualsValue);
-							//dyld::log("mainExecutableDir: %s\n", mainExecutableDir);
-							processDyldEnvironmentVariable(key, value, mainExecutableDir);
+							// <rdar://problem/22799635> don't let malformed load command overflow stack
+							if ( keyLen < 40 ) {
+								char key[keyLen+1];
+								strncpy(key, keyEqualsValue, keyLen);
+								key[keyLen] = '\0';
+								//dyld::log("processing: %s\n", keyEqualsValue);
+								//dyld::log("mainExecutableDir: %s\n", mainExecutableDir);
+								processDyldEnvironmentVariable(key, value, mainExecutableDir);
+							}
 						}
 					}
 				}