mirrors/foot
1
0
Fork 0
mirror of https://codeberg.org/dnkl/foot.git synced 2026-04-02 07:15:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

vt: fix memory corruption: wcwidth() may return -1

Browse source 
When it did, we called print_insert() with that, which in turn
resulted in a too large size value passed to memmove.
This commit is contained in:
Daniel Eklöf 2019-11-30 00:15:05 +01:00
parent 9551be492c
commit 88c1a8939f
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
1 changed files with 14 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

2
vt.c
View file

@ -738,6 +738,7 @@ post_print(struct terminal *term)
static inline void static inline void
print_insert(struct terminal *term, int width) print_insert(struct terminal *term, int width)
{ {
assert(width > 0);
if (unlikely(term->insert_mode)) { if (unlikely(term->insert_mode)) {
struct row *row = term->grid->cur_row; struct row *row = term->grid->cur_row;
const size_t move_count = max(0, term->cols - term->cursor.point.col - width); const size_t move_count = max(0, term->cols - term->cursor.point.col - width);
@ -768,6 +769,7 @@ action_print_utf8(struct terminal *term)
wc = 0; wc = 0;
int width = wcwidth(wc); int width = wcwidth(wc);
if (width > 0)
print_insert(term, width); print_insert(term, width);
row->dirty = true; row->dirty = true;