[hackers] [libgrapheme] Check for empty destination before NUL-terminating || Christopher Wellons
commit ad4877023146953d4daa8d91c119124c38620337
Author: Christopher Wellons <wellons_AT_nullprogram.com>
AuthorDate: Fri Oct 7 11:33:10 2022 -0400
Commit: Laslo Hunhold <dev_AT_frign.de>
CommitDate: Fri Oct 7 18:00:11 2022 +0200
Check for empty destination before NUL-terminating
This overflow was triggered in the second test of to_lowercase_utf8
where the destination is zero length (w->destlen == 0). `w->destlen`
would overflow by subtraction, then the subscript would overflow the
destination.
Signed-off-by: Laslo Hunhold <dev_AT_frign.de>
diff --git a/src/util.c b/src/util.c
index ed893ba..2ff1b64 100644
--- a/src/util.c
+++ b/src/util.c
_AT_@ -207,7 +207,7 @@ herodotus_writer_nul_terminate(HERODOTUS_WRITER *w)
} else { /* w->type == HERODOTUS_TYPE_UTF8 */
((char *)(w->dest))[w->first_unwritable_offset] = '\0';
}
- } else {
+ } else if (w->destlen > 0) {
/*
* In this case, there is no more space in the buffer and
* the last unwritable offset is larger than
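Review bot: the new `else if (w->destlen > 0)` condition leaves the `w->destlen == 0` case with no branch of its own and no explanation in the code; the comment directly under it still only describes the case where the buffer has no more space. Consider extending that comment, or adding a short one on the condition itself, to say that a zero-length destination is deliberately left untouched because the subtraction on `w->destlen` would wrap and the subscript would then fall outside the destination, as the commit message explains. It would also help to state in the documentation of herodotus_writer_nul_terminate that nothing is written in that case, so callers do not assume the destination is NUL-terminated afterwards.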
Received on Fri Oct 07 2022 - 18:00:30 CEST