Potential buffer overflow where length is larger than 4095

2 files changed, 11 insertions, 6 deletions

diff --git a/.gitignore b/.gitignore
index a6300d2..ab67aee 100644
--- a/.gitignore
+++ b/.gitignore
@@ -37,3 +37,5 @@ man/inotifywatch.1
 stamp-h1
 README
 
+libinotifytools/src/test
+
diff --git a/libinotifytools/src/inotifytools.c b/libinotifytools/src/inotifytools.c
index fb9d4c9..bde3db3 100644
--- a/libinotifytools/src/inotifytools.c
+++ b/libinotifytools/src/inotifytools.c
@@ -484,8 +484,9 @@ int inotifytools_str_to_event_sep(char const * event, char sep) {
 
 	int ret, ret1, len;
 	char * event1, * event2;
-	char eventstr[4096];
-	ret = 0;
+        static const size_t eventstr_size = 4096;
+        char eventstr[eventstr_size];
+        ret = 0;
 
 	if ( !event || !event[0] ) return 0;
 
@@ -494,14 +495,16 @@ int inotifytools_str_to_event_sep(char const * event, char sep) {
 	while ( event1 && event1[0] ) {
 		if ( event2 ) {
 			len = event2 - event1;
-			niceassert( len < 4096, "malformed event string (very long)" );
-		}
+                        niceassert(len < eventstr_size,
+                                   "malformed event string (very long)");
+                }
 		else {
 			len = strlen(event1);
 		}
-		if ( len > 4095 ) len = 4095;
+                if (len > eventstr_size - 1)
+                    len = eventstr_size - 1;
 
-                if (event2) {
+                if (event2 || len == eventstr_size - 1) {
                     strncpy(eventstr, event1, len);
                 } else {
                     strcpy(eventstr, event1);