cirno/plan9port
1
0
Fork 0
mirror of https://github.com/9fans/plan9port.git synced 2025-01-12 11:10:07 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

9term: Add missing parentheses, preventing buffer overflow.

Browse source 
(el-sr) is the string length and (sizeof wdir - strlen(name) - 20)
is the buffer size. When the string length is greater than the
buffer size, the beginning of the string is supposed to be trimmed
to fit in the buffer size. Unfortunately a pair of parentheses were
missing, pointing sr outside the buffer, and the for loop below
then reads outside the buffer. For certain binary data printed in
a window, it causes a segfault.

Change-Id: Iffeaa348260ee2a5a36d9577308fb8d1c1688d05
Reviewed-on: https://plan9port-review.googlesource.com/1540
Reviewed-by: Gleydson Soares <gsoares@gmail.com>
This commit is contained in:
Ray Lai 2016-05-23 22:30:52 +08:00 committed by Gleydson Soares
parent 9f34853f7c
commit 669713d43f
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/cmd/9term/win.c
View file

@ -634,7 +634,7 @@ label(char *sr, int n)
el = r+1;
if(el-sr > sizeof wdir - strlen(name) - 20)
sr = el - sizeof wdir - strlen(name) - 20;
sr = el - (sizeof wdir - strlen(name) - 20);
for(sl=el-3; sl>=sr; sl--)
if(sl[0]=='\033' && sl[1]==']' && sl[2]==';')
break;