bbs/deb-goldedplus
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix buffer overflow on wide terminal (width >=200 characters). Bugreport from Anton Gorlov 2:5059/37

Browse Source
This commit is contained in:
Stas Degteff 2011-02-19 01:12:12 +00:00
parent c4bdce3da8
commit 54dabe3345
1 changed files with 14 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
golded3/geutil.cpp
View File

@ -38,8 +38,10 @@ extern GPickArealist* PickArealist;
void update_statuslines() { void update_statuslines() {
char buf[200]; char buf[200]; /* FIXME: it is need to use dinamic arrays in this fuction to prevent buffer overflow or screen garbage */
char * const buf_end = buf+199;
static char old_status_line[200] = ""; static char old_status_line[200] = "";
char * const old_status_line_end = old_status_line_end+199;
static int called = NO; static int called = NO;
HandleGEvent(EVTT_REMOVEVOCBUF); HandleGEvent(EVTT_REMOVEVOCBUF);
@ -57,15 +59,15 @@ void update_statuslines() {
{ {
time32_t t = gtime(NULL); time32_t t = gtime(NULL);
struct tm tm; glocaltime(&tm, &t); struct tm tm; glocaltime(&tm, &t);
sprintf(clkinfo, " %s", strftimei(help, 40, LNG->StatusLineTimeFmt, &tm)); snprintf(clkinfo,sizeof(clkinfo), " %s", strftimei(help, 40, LNG->StatusLineTimeFmt, &tm));
} }
if(CFG->statuslinehelp == -1) if(CFG->statuslinehelp == -1)
*help = NUL; *help = NUL;
else if(CFG->statuslinehelp) else if(CFG->statuslinehelp)
sprintf(help, "%s ", LNG->StatusLineHelp); snprintf(help,sizeof(help), "%s ", LNG->StatusLineHelp);
else else
sprintf(help, "%s%s%s%s %s%i.%i.%i%s ", snprintf(help,sizeof(help), "%s%s%s%s %s%i.%i.%i%s ",
__gver_prename__, __gver_prename__,
__gver_name__, __gver_name__,
__gver_postname__, __gver_postname__,
@ -80,13 +82,13 @@ void update_statuslines() {
int help_len = strlen(help); int help_len = strlen(help);
int clk_len = strlen(clkinfo); int clk_len = strlen(clkinfo);
int len = MAXCOL-help_len-clk_len-2; int len = MAXCOL-help_len-clk_len-2;
sprintf(buf, "%c%s%-*.*s%s ", goldmark, help, len, len, information, clkinfo); snprintf(buf,sizeof(buf), "%c%s%-*.*s%s ", goldmark, help, len, len, information, clkinfo);
char *begin = buf; char *begin = buf;
char *obegin = old_status_line; char *obegin = old_status_line;
char *end = buf + MAXCOL; char *end = (sizeof(buf) > MAXCOL) ? buf + MAXCOL: buf_end;
char *oend = old_status_line + MAXCOL; char *oend = (sizeof(old_status_line) > MAXCOL) ? old_status_line + MAXCOL: old_status_line_end;
while((*begin != NUL) and (*begin == *obegin)) { while((*begin != NUL) and (*begin == *obegin) and (begin<buf_end) and (obegin<old_status_line_end)) {
++begin; ++begin;
++obegin; ++obegin;
} }
@ -94,12 +96,13 @@ void update_statuslines() {
return; return;
// we have at least one mismatch // we have at least one mismatch
if(*obegin) { if(*obegin) {
while(*end == *oend) { while((*end == *oend) and (buf<end) and (old_status_line<oend) ) {
--end; --end;
--oend; --oend;
} }
} }
memcpy(obegin, begin, end-begin+1); len = end-begin+1;
memcpy( obegin, begin, (len<sizeof(old_status_line))? len : sizeof(old_status_line) );
#ifdef GOLD_MOUSE #ifdef GOLD_MOUSE
gmou.GetStatus(); gmou.GetStatus();
@ -120,7 +123,7 @@ void update_statuslines() {
gmou.ShowCursor(); gmou.ShowCursor();
#endif #endif
} }
} } /* update_statuslines() */
// ------------------------------------------------------------------ // ------------------------------------------------------------------