From 0bf6adc8865922b1adee9f05933771e8a53e500c Mon Sep 17 00:00:00 2001
From: Stefano Brivio <sbrivio@redhat.com>
Date: Tue, 5 Apr 2022 15:18:25 +0200
Subject: arch: Pointer to local outside scope, CWE-562

Reported by Coverity: if we fail to run the AVX2 version, once
execve() fails, we had already replaced argv[0] with the new
stack-allocated path string, and that's then passed back to
main(). Use a static variable instead.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
---
 arch.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

(limited to 'arch.c')

diff --git a/arch.c b/arch.c
index b8e1db5..ae21d59 100644
--- a/arch.c
+++ b/arch.c
@@ -22,6 +22,8 @@
  * @argv:	Arguments from command line
  */
 #ifdef __x86_64__
+static char avx2_path[PATH_MAX];
+
 void arch_avx2_exec(char **argv)
 {
 	char *p = strstr(argv[0], ".avx2");
@@ -29,11 +31,9 @@ void arch_avx2_exec(char **argv)
 	if (p) {
 		*p = 0;
 	} else if (__builtin_cpu_supports("avx2")) {
-		char path[PATH_MAX];
-
-		snprintf(path, PATH_MAX, "%s.avx2", argv[0]);
-		argv[0] = path;
-		execve(path, argv, environ);
+		snprintf(avx2_path, PATH_MAX, "%s.avx2", argv[0]);
+		argv[0] = avx2_path;
+		execve(avx2_path, argv, environ);
 		perror("Can't run AVX2 build, using non-AVX2 version");
 	}
 }
-- 
cgit v1.2.3