Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Factory:ARM:Rings:1-MinimalX
w3m
0001-Fix-OOB-access-due-to-multiple-backspaces....
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Fix-OOB-access-due-to-multiple-backspaces.patch of Package w3m
From edc602651c506aeeb60544b55534dd1722a340d3 Mon Sep 17 00:00:00 2001 From: Rene Kita <mail@rkta.de> Date: Thu, 13 Jul 2023 07:50:26 +0200 Subject: [PATCH] Fix OOB access due to multiple backspaces Commit 419ca82d57 (Fix m17n backspace handling causes out-of-bounds write in checkType) introduced an incomplete fix. In function checkType we store the length of the previous multi-char character in a buffer plens_buffer with pointer plens pointing to the current position inside the buffer. When encountering a backspace plens is set to the previous position without a bounds check. This will lead to plens being out of bounds if we get more backspaces than we have processed multi-char characters before. If we are at the beginning of the buffer do not decrement and set plen (the current length) to 0. This also fixes GH Issue #270 [BUG] Out of bound read in Strnew_size , Str.c:61 If the above explanation does sound weird it's because I didn't fully grok that function. :-) --- etc.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/etc.c b/etc.c index 128717b..b566151 100644 --- a/etc.c +++ b/etc.c @@ -393,7 +393,10 @@ checkType(Str s, Lineprop **oprop, Linecolor **ocolor) if (color) color -= plen; #endif - plen = *(--plens); + if (plens == plens_buffer) + plen = 0; + else + plen = *(--plens); str += 2; } } @@ -419,7 +422,10 @@ checkType(Str s, Lineprop **oprop, Linecolor **ocolor) if (color) color -= plen; #endif - plen = *(--plens); + if (plens == plens_buffer) + plen = 0; + else + plen = *(--plens); str++; } #else -- 2.41.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor