core: fix buffer overflow in function eval_string_range_chars

2026-06-12 14:14:48 +02:00 · 2025-05-10 21:38:26 +02:00
parent 09917a807b
commit 3db2f71112
2 changed files with 8 additions and 0 deletions
@@ -10,6 +10,7 @@
 - core: fix buffer overflow in function util_parse_time
 - core: fix buffer overflow in function eval_syntax_highlight_colorize
 - core: fix buffer overflow in function eval_string_base_encode
+- core: fix buffer overflow in function eval_string_range_chars
 - core: fix memory leak in function util_parse_delay

 ## Version 4.6.2 (2025-04-18)
@@ -300,6 +300,9 @@ eval_string_range_chars (const char *range)
    string = NULL;
    result = NULL;

+    if (!range || !range[0])
+        goto end;
+
    for (i = 0; eval_range_chars[i][0]; i++)
    {
        if (strcmp (range, eval_range_chars[i][0]) == 0)
@@ -309,11 +312,15 @@ eval_string_range_chars (const char *range)
    char1 = utf8_char_int (range);

    /* next char must be '-' */
+    if (!range[0])
+        goto end;
    ptr_char = utf8_next_char (range);
    if (!ptr_char || !ptr_char[0] || (ptr_char[0] != '-'))
        goto end;

    /* next char is the char2 */
+    if (!range[0])
+        goto end;
    ptr_char = utf8_next_char (ptr_char);
    if (!ptr_char || !ptr_char[0])
        goto end;