Fix OOB access due to multiple backspaces #273

Merged 1 commit on Jul 18, 2023

rkta (Contributor) commented Jul 13, 2023

Commit 419ca82 (Fix m17n backspace handling causes out-of-bounds
write in checkType) introduced an incomplete fix.

In function checkType we store the length of the previous multi-char
character in a buffer plens_buffer with pointer plens pointing to the
current position inside the buffer. When encountering a backspace plens
is set to the previous position without a bounds check. This will lead
to plens being out of bounds if we get more backspaces than we have
processed multi-char characters before.

If we are at the beginning of the buffer do not decrement and set plen
(the current length) to 0.

This also fixes GH Issue #270 [BUG] Out of bound read in Strnew_size,
Str.c:61

If the above explanation does sound weird it's because I didn't fully
grok that function. :-)
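
The bounds check described in the comment above, as an added example (not the project's code and not taken from this PR): a simplified model that reuses the names `plens_buffer`, `plens` and `plen` from the description. `scan`, `char_len`, `struct scan_result` and `PLENS_MAX` are hypothetical, and a plain UTF-8 lead-byte rule stands in for the real character handling.

```c
#include <stddef.h>
#include <string.h>

#define PLENS_MAX 64   /* model's fixed capacity (assumption) */
struct scan_result {
    int underflows;    /* backspaces seen with no recorded length left */
    int depth;         /* recorded lengths still on the stack at the end */
    int plen;          /* length restored by the last backspace, 0 if none */
};

/* Byte length of a UTF-8 character, taken from its lead byte. */
static size_t char_len(unsigned char c)
{
    if ((c & 0xE0) == 0xC0) return 2;
    if ((c & 0xF0) == 0xE0) return 3;
    if ((c & 0xF8) == 0xF0) return 4;
    return 1;          /* ASCII or stray continuation byte */
}

/* Walk s, recording each character's length and undoing it on '\b'. */
static struct scan_result scan(const char *s)
{
    int plens_buffer[PLENS_MAX];
    int *plens = plens_buffer;          /* next free slot */
    struct scan_result r = {0, 0, 0};
    size_t n = strlen(s), i = 0;

    while (i < n) {
        if (s[i] == '\b') {
            if (plens == plens_buffer) {
                /* Start of buffer: do not decrement; the length is 0. */
                r.plen = 0;
                r.underflows++;
            } else {
                r.plen = *--plens;      /* safe: at least one entry exists */
            }
            i++;
            continue;
        }
        size_t len = char_len((unsigned char)s[i]);
        if (len > n - i)
            len = n - i;                /* truncated final character */
        if (plens < plens_buffer + PLENS_MAX)
            *plens++ = (int)len;        /* upper bound checked as well */
        i += len;
    }
    r.depth = (int)(plens - plens_buffer);
    return r;
}
```

Counting `underflows` instead of silently ignoring them gives a fuzzing harness or a log line something to assert on when input carries more backspaces than recorded characters.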

rkta (Contributor, Author) commented Jul 13, 2023

@tats My fix posted in the issue was not right. This is a slightly different solution.

tats (Owner) commented Jul 15, 2023

Thanks for your contribution. I'll merge this soon.

This also fixes GH Issue #270 [BUG] Out of bound read in Strnew_size, Str.c:61

This seems to prevent #270 and also #271, correct?

rkta (Contributor, Author) commented Jul 17, 2023 via email

tats merged commit 25fb402 into tats:master Jul 18, 2023

tats (Owner) commented Jul 18, 2023

Merged, thank you.
