Re: [hackers] [st][PATCH] Fix buffer overflow when handling composed input

From: Andy Gozas <andy_AT_gozas.me>
Date: Sun, 23 Oct 2022 18:31:30 +0000

On 2022-10-23 05:34 PM, Hiltjo Posthuma wrote:
> Can you provide a minimal reproducible case with your configuration
> for this issue?
> It would help a lot in reviewing this issue.

Yes, of course.

If you already have the multi-key enabled on your system, then add this
line to your ~/.XCompose file:

<Multi_key> <T> <E> <S> <T> <Multi_key> :
"1234567890123456789012345678901234567890123456789012345678901234567890"

If you don't, then either enable it (`setxkbmap -option "compose:caps"`
would set caps lock to be your multi-key), or use any other possible key
(remember, though, that you will not be able to use that key): one
option, that would leave you without the question mark key, would be to
add this line instead:

<question> <T> <E> <S> <T> <question> :
"1234567890123456789012345678901234567890123456789012345678901234567890"

Make sure to restart the program that you would be testing after adding
this line, as this setting does not change at runtime.

Now, to test if ST works correctly with long composed text, you open ST.
For this you would want to launch st with the -e option (so that if ^D
is passed, it doesn't escape into a regular shell), and pass to it some
command that cannot do damage to your system, but can take standard
input: I used "bc" (interactive calculator). Once in it, one by one,
press the keys you have selected in .XCompose (for the first line caps,
then T, E, S, T, and caps again; similarly for the second, but
shift+slash instead of caps). In a correctly working program, you would
see the text in quotes appear unchanged, and that is how it works on my
system with the patch in question applied. Now if it is not working
correctly, this text would either be cut at some point (for ST, it is
the 64th character), or you would see just some random characters appear
on screen, which may change between tests. The problem of text being cut
would still exist after this patch, but even after looking for a while I
could not find out how to fix it (it would only appear if XLookupString
is used, which depends on the configuration of the system that is being
used, and my system doesn't use it, and, to be honest, I don't know how
to make it use it), but the problem of random text, in my opinion, is
more dangerous (it even hung my system at some point before I figured
out that I shouldn't test this in a regular shell) and can be fixed
pretty easily.

---
Andy Gozas.
Received on Sun Oct 23 2022 - 20:31:30 CEST
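Added example (not st's code and not the patch under discussion) showing the check a key handler needs for the overflow case described above: it mocks the documented XmbLookupString() contract so it builds without Xlib, and every name in it is constructed.

```c
/* Added example, not st's code or the patch under discussion: models the
 * XmbLookupString() contract with a mock so it runs without Xlib. */
#include <stddef.h>
#include <string.h>

#define KBUF_SIZE 64              /* st's kpress() looks up into a 64-byte buffer */
#define MOCK_XBufferOverflow (-1) /* constructed stand-ins for Xlib's Status values */
#define MOCK_XLookupChars     4

/* Constructed 70-byte composed string, like the .XCompose entry above. */
static const char LONG70[] =
    "1234567890" "1234567890" "1234567890" "1234567890"
    "1234567890" "1234567890" "1234567890";

/* Mimics XmbLookupString(): copies the composed string into buf when it fits.
 * When it does not, buf is left untouched, *status is set to overflow and the
 * return value is the size that WOULD have been needed, not a byte count. */
static int mock_lookup_string(const char *composed, char *buf, size_t bufsize,
                              int *status)
{
    size_t need = strlen(composed);
    if (need > bufsize) {
        *status = MOCK_XBufferOverflow;
        return (int)need;
    }
    memcpy(buf, composed, need);
    *status = MOCK_XLookupChars;
    return (int)need;
}

/* Guarded key handler: copies at most what the lookup really placed in buf
 * and returns that count, or 0 when the lookup overflowed. Trusting len
 * without the status check is how bytes past the buffer reach the terminal
 * (the random characters described above). */
int kpress_guarded(const char *composed, char *out, size_t outsize)
{
    char buf[KBUF_SIZE];
    int status;
    int len = mock_lookup_string(composed, buf, sizeof buf, &status);

    if (status == MOCK_XBufferOverflow || len < 0 || (size_t)len > sizeof buf)
        return 0;
    if ((size_t)len > outsize)
        return 0;
    memcpy(out, buf, (size_t)len);
    return len;
}
```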
