From 8d6cfa770138070c10b99813aa17867fbab98b04 Mon Sep 17 00:00:00 2001
From: carl <cecodere@yahoo.ca>
Date: Sun, 31 Mar 2019 01:14:49 +0800
Subject: [PATCH] Fix possible buffer writer overflow

---
 mach/proto/as/comm4.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/mach/proto/as/comm4.c b/mach/proto/as/comm4.c
index c7435f38b..08c053ed0 100644
--- a/mach/proto/as/comm4.c
+++ b/mach/proto/as/comm4.c
@@ -223,6 +223,7 @@ static void
 archive(void) {
 	long offset;
 	struct ar_hdr header;
+	char ar_name[AR_NAME_MAX+1];
 	char getsize[AR_TOTAL];
 
 	archmode++;
@@ -234,7 +235,7 @@ archive(void) {
 		if (fread(getsize,AR_TOTAL,1,input) != 1)
 			break;
 		offset += AR_TOTAL;
-		strncpy(header.ar_name,getsize,sizeof header.ar_name) ;
+		strncpy(ar_name,getsize,sizeof(header.ar_name)) ;
 		header.ar_size= (((((long) (getsize[AR_SIZE+1]&0377))<<8)+
 				((long) (getsize[AR_SIZE  ]&0377))<<8)+
 				((long) (getsize[AR_SIZE+3]&0377))<<8)+
@@ -243,9 +244,8 @@ archive(void) {
 		if (needed()) {
 			fseek(input,offset,0);
 			archsize = header.ar_size;
-			// TODO: To check if this is correct.
-			header.ar_name[AR_NAME_MAX] = '\0';
-			parse(remember(header.ar_name));
+			ar_name[AR_NAME_MAX] = '\0';
+			parse(remember(ar_name));
 		}
 		offset += header.ar_size;
 		while (offset % 2)