Re: [hackers] [st] Added basic xterm-ish palette swap support. ||Alexander Sedov

From: Roberto E. Vargas Caballero <k0ga_AT_shike2.com>
Date: Mon, 25 Feb 2013 11:23:05 +0100

> > Why do you want add this function instead of using atoi (or strtol if you
> > want detect overflow)?
>
> Thanks for mentioning this. I didn’t see this error.


I was looking in csiparse and the code which convert from string to number is:


        while(p < csiescseq.buf+csiescseq.len) {
                while(isdigit(*p)) {
                        csiescseq.arg[csiescseq.narg] *= 10;
                        csiescseq.arg[csiescseq.narg] += *p++ - '0'/*, noarg = 0 */;
                }
                if(*p == ';' && csiescseq.narg+1 < ESC_ARG_SIZ) {
                        csiescseq.narg++, p++;
                } else {
                        csiescseq.mode = *p;
                        csiescseq.narg++;

                        return;
                }
        }


We are not checking against overflows, and since this data comes from the
user, maybe could be a good idea change it. Since we have the full string we
can call to strtol, but it is not very clear to me what does in this case if
we detect an overflow; set csiescseq.arg[csiescseq.narg] to -1?, I am not
sure if it can be a legitimate value or not.



Best regards,
Received on Mon Feb 25 2013 - 11:23:05 CET

This archive was generated by hypermail 2.3.0 : Mon Feb 25 2013 - 11:24:06 CET