pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Code Activity

core: fix buffer overflow in function eval_string_range_chars

Browse Source
This commit is contained in:
Sébastien Helleu
2025-05-11 17:10:29 +02:00
parent 0c9028b47c
commit 209ffbe50e
2 changed files with 8 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ChangeLog.adoc
+1
View File
@@ -20,6 +20,7 @@ https://weechat.org/files/releasenotes/ReleaseNotes-devel.html[release notes]
Bug fixes::
* core: fix buffer overflow in function eval_string_range_chars
* core: fix buffer overflow in function eval_string_base_encode
* core: fix integer overflow in function util_version_number
* core: fix integer overflow in base32 encoding/decoding
src/core/wee-eval.c
+7
View File
@@ -299,6 +299,9 @@ eval_string_range_chars (const char *range)
string = NULL;
result = NULL;
if (!range || !range[0])
goto end;
for (i = 0; eval_range_chars[i][0]; i++)
{
if (strcmp (range, eval_range_chars[i][0]) == 0)
@@ -308,11 +311,15 @@ eval_string_range_chars (const char *range)
char1 = utf8_char_int (range);
/* next char must be '-' */
if (!range[0])
goto end;
ptr_char = utf8_next_char (range);
if (!ptr_char || !ptr_char[0] || (ptr_char[0] != '-'))
goto end;
/* next char is the char2 */
if (!range[0])
goto end;
ptr_char = utf8_next_char (ptr_char);
if (!ptr_char || !ptr_char[0])
goto end;