Fix error handling when reading binary path from /proc

On Linux, Hurd, Cygwin, DragonFly BSD and Solaris/Illumos, Kakoune obtains
a path to its binary by reading the appropriate /proc symlink target.
readlink() can fail or it can fill the entire buffer, silently truncating
the path if the buffer is too small.

kak_assert() is compiled out in non-debug builds so we ignore a readlink()
failure, corrupt the stack by writing to buffer[-1] then return a string
from the uninitialised buffer.

If readlink() succeeds and the binary path is sizeof(buffer) long, we write
a \0 terminator beyond its end. If it is longer, we also truncate the path.

Throw a fatal error on startup in all these unlikely failure cases.

1 files changed, 6 insertions, 3 deletions

diff --git a/src/file.cc b/src/file.cc
index c505f235..b9d3212c 100644
--- a/src/file.cc
+++ b/src/file.cc
@@ -634,7 +634,8 @@ String get_kak_binary_path()
     char buffer[2048];
 #if defined(__linux__) or defined(__CYGWIN__) or defined(__gnu_hurd__)
     ssize_t res = readlink("/proc/self/exe", buffer, 2048);
-    kak_assert(res != -1);
+    if (res == -1 || res >= 2048)
+        throw runtime_error("unable to get the executable path");
     buffer[res] = '\0';
     return buffer;
 #elif defined(__FreeBSD__) or defined(__NetBSD__)
@@ -662,7 +663,8 @@ String get_kak_binary_path()
     return path.Path();
 #elif defined(__DragonFly__)
     ssize_t res = readlink("/proc/curproc/file", buffer, 2048);
-    kak_assert(res != -1);
+    if (res == -1 || res >= 2048)
+        throw runtime_error("unable to get the executable path");
     buffer[res] = '\0';
     return buffer;
 #elif defined(__OpenBSD__)
@@ -670,7 +672,8 @@ String get_kak_binary_path()
     return KAK_BIN_PATH;
 #elif defined(__sun__)
     ssize_t res = readlink("/proc/self/path/a.out", buffer, 2048);
-    kak_assert(res != -1);
+    if (res == -1 || res >= 2048)
+        throw runtime_error("unable to get the executable path");
     buffer[res] = '\0';
     return buffer;
 #else