0050-proc/escape.c: Prevent integer overflows in escape_str_utf8().
Simply rearrange the old comparisons. The new comparisons are safe, because we know from previous checks that: 1/ wlen > 0 2/ my_cells < *maxcells (also: my_cells >= 0 and *maxcells > 0) 3/ len > 1 4/ my_bytes+1 < bufsize (also: my_bytes >= 0 and bufsize > 0)
This commit is contained in:
parent
8f49e98a3f
commit
1eddce14c3
@ -100,7 +100,7 @@ static int escape_str_utf8(char *restrict dst, const char *restrict src, int buf
|
||||
} else {
|
||||
// multibyte - printable
|
||||
// Got space?
|
||||
if (my_cells+wlen > *maxcells || my_bytes+1+len >= bufsize) break;
|
||||
if (wlen > *maxcells-my_cells || len >= bufsize-(my_bytes+1)) break;
|
||||
// 0x9b is control byte for some terminals
|
||||
if (memchr(src, 0x9B, len)) {
|
||||
// unsafe multibyte
|
||||
|
Loading…
Reference in New Issue
Block a user