From 64626c8873f779c3c18e76dec3c485da22e18be0 Mon Sep 17 00:00:00 2001
From: Lukas Krickl <lukas@krickl.dev>
Date: Sat, 9 Dec 2023 18:27:50 +0100
Subject: [PATCH] Path bounds checks

---
 src/ulas.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/ulas.c b/src/ulas.c
index a6b2758..cf03bc3 100644
--- a/src/ulas.c
+++ b/src/ulas.c
@@ -65,11 +65,15 @@ void ulas_free(void) {
 FILE *ulas_incpathfopen(const char *path, const char *mode) {
   char pathbuf[ULAS_PATHMAX];
   memset(pathbuf, 0, ULAS_PATHMAX);
+  int baselen = strlen(path);
   
   for (int i = 0; i < ulas.include_paths_len; i++) {
     pathbuf[0] = '\0';
     char *ip = ulas.include_paths[i];
     int len = strlen(ip);
+    if (len + baselen + 1 >= ULAS_PATHMAX) {
+      continue;
+    }
 
     strcat(pathbuf, ip);
     if (ip[len-1] != ULAS_PATHSEP[0]) {
-- 
2.30.2