proc/escape.c: Prevent integer overflows in escape_str_utf8().

Simply rearrange the old comparisons. The new comparisons are safe,
because we know from previous checks that:

1/ wlen > 0

2/ my_cells < *maxcells (also: my_cells >= 0 and *maxcells > 0)

3/ len > 1

4/ my_bytes+1 < bufsize (also: my_bytes >= 0 and bufsize > 0)
This commit is contained in:
Qualys Security Advisory 1970-01-01 00:00:00 +00:00 committed by Craig Small
parent 8d359b04ab
commit 37ce162604

View File

@ -98,7 +98,7 @@ static int escape_str_utf8(char *restrict dst, const char *restrict src, int buf
} else { } else {
// multibyte - printable // multibyte - printable
// Got space? // Got space?
if (my_cells+wlen > *maxcells || my_bytes+1+len >= bufsize) break; if (wlen > *maxcells-my_cells || len >= bufsize-(my_bytes+1)) break;
// 0x9b is control byte for some terminals // 0x9b is control byte for some terminals
if (memchr(src, 0x9B, len)) { if (memchr(src, 0x9B, len)) {
// unsafe multibyte // unsafe multibyte