proc/escape.c: Prevent integer overflows in escape_str_utf8().
Simply rearrange the old comparisons. The new comparisons are safe, because we know from previous checks that: 1/ wlen > 0 2/ my_cells < *maxcells (also: my_cells >= 0 and *maxcells > 0) 3/ len > 1 4/ my_bytes+1 < bufsize (also: my_bytes >= 0 and bufsize > 0)
This commit is contained in:
parent
8d359b04ab
commit
37ce162604
@ -98,7 +98,7 @@ static int escape_str_utf8(char *restrict dst, const char *restrict src, int buf
|
|||||||
} else {
|
} else {
|
||||||
// multibyte - printable
|
// multibyte - printable
|
||||||
// Got space?
|
// Got space?
|
||||||
if (my_cells+wlen > *maxcells || my_bytes+1+len >= bufsize) break;
|
if (wlen > *maxcells-my_cells || len >= bufsize-(my_bytes+1)) break;
|
||||||
// 0x9b is control byte for some terminals
|
// 0x9b is control byte for some terminals
|
||||||
if (memchr(src, 0x9B, len)) {
|
if (memchr(src, 0x9B, len)) {
|
||||||
// unsafe multibyte
|
// unsafe multibyte
|
||||||
|
Loading…
Reference in New Issue
Block a user