From 334f88ae2c5f221e63b163a3c3ad4c98e437be35 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sat, 10 May 2025 09:49:45 +0200 Subject: [PATCH] core: fix buffer overflow in function eval_syntax_highlight_colorize --- CHANGELOG.md | 1 + src/core/core-eval.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 26c8b842f..6512a286b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -8,6 +8,7 @@ - core: fix integer overflow in base32 encoding/decoding - core: fix integer overflow in function util_version_number - core: fix buffer overflow in function util_parse_time +- core: fix buffer overflow in function eval_syntax_highlight_colorize - core: fix memory leak in function util_parse_delay ## Version 4.6.2 (2025-04-18) diff --git a/src/core/core-eval.c b/src/core/core-eval.c index c670ccf46..bfd8ee890 100644 --- a/src/core/core-eval.c +++ b/src/core/core-eval.c @@ -1572,7 +1572,8 @@ eval_syntax_highlight_colorize (const char *value) else if (ptr_value[0] == '-') color--; } - ptr_value++; + if (ptr_value[0]) + ptr_value++; if (config_num_eval_syntax_colors > 0) { string_dyn_concat (