From 4a1021af038d99f6d416c0003e1a3f2c6027faac Mon Sep 17 00:00:00 2001
From: Apple
Date: Wed, 9 Dec 2015 05:19:28 +0000
Subject: [PATCH] dyld-360.18.tar.gz

---
 src/dyld.cpp | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/src/dyld.cpp b/src/dyld.cpp
index 648b887..19166c5 100644
--- a/src/dyld.cpp
+++ b/src/dyld.cpp
@@ -1618,12 +1618,15 @@ static void checkLoadCommandEnvironmentVariables()
 if ( strncmp(&equals[-5], "_PATH", 5) == 0 ) {
 const char* value = &equals[1];
 const size_t keyLen = equals-keyEqualsValue;
- char key[keyLen+1];
- strncpy(key, keyEqualsValue, keyLen);
- key[keyLen] = '\0';
- //dyld::log("processing: %s\n", keyEqualsValue);
- //dyld::log("mainExecutableDir: %s\n", mainExecutableDir);
- processDyldEnvironmentVariable(key, value, mainExecutableDir);
+ // don't let malformed load command overflow stack
+ if ( keyLen < 40 ) {
+ char key[keyLen+1];
+ strncpy(key, keyEqualsValue, keyLen);
+ key[keyLen] = '\0';
+ //dyld::log("processing: %s\n", keyEqualsValue);
+ //dyld::log("mainExecutableDir: %s\n", mainExecutableDir);
+ processDyldEnvironmentVariable(key, value, mainExecutableDir);
+ }
 }
 }
 }
-- 
2.50.0
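Review bot: The new guard `if ( keyLen < 40 )` uses an unexplained literal, and a key that fails it is skipped silently, so an over-long or malformed environment entry in a binary's load commands leaves no trace for whoever triages it. Now that the length is capped, the variable-length array could be a fixed buffer sized by a named constant (name illustrative), e.g. `char key[kMaxEnvKeyLen];` guarded by `if ( keyLen < kMaxEnvKeyLen )`, with a comment saying which longest legitimate `DYLD_*_PATH` name the limit is meant to cover. An `else` branch could record the rejection with a constant message such as `dyld::log("ignoring over-long environment key in load command\n");`. The enclosing function starts and ends outside the hunk, so it is not visible here whether `keyEqualsValue` is guaranteed to be NUL-terminated within the command's declared size or whether at least five bytes precede `equals` before `&equals[-5]` is read; both are worth confirming alongside this fix.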