pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-26 12:56:37 +02:00
Code Activity

core: fix integer overflow in loops (issue #2178)

Browse Source
This commit is contained in:
Sébastien Helleu
2024-09-04 19:04:56 +02:00
parent d1655945cd
commit 64eee892b2
12 changed files with 110 additions and 124 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/core/hook/wee-hook-line.c
+4 -5
View File
@@ -269,6 +269,7 @@ hook_line_add_to_infolist (struct t_infolist_item *item,
void
hook_line_print_log (struct t_hook *hook)
{
char **ptr_tag;
int i, j;
if (!hook || !hook->hook_data)
@@ -290,12 +291,10 @@ hook_line_print_log (struct t_hook *hook)
{
for (i = 0; i < HOOK_LINE(hook, tags_count); i++)
{
for (j = 0; HOOK_LINE(hook, tags_array)[i][j]; j++)
for (ptr_tag = HOOK_LINE(hook, tags_array)[i], j = 0; *ptr_tag;
ptr_tag++, j++)
{
log_printf (" tags_array[%03d][%03d]: '%s'",
i,
j,
HOOK_LINE(hook, tags_array)[i][j]);
log_printf (" tags_array[%03d][%03d]: '%s'", i, j, *ptr_tag);
}
}
}
src/core/hook/wee-hook-print.c
+4 -5
View File
@@ -249,6 +249,7 @@ hook_print_add_to_infolist (struct t_infolist_item *item,
void
hook_print_print_log (struct t_hook *hook)
{
char **ptr_tag;
int i, j;
if (!hook || !hook->hook_data)
@@ -263,12 +264,10 @@ hook_print_print_log (struct t_hook *hook)
{
for (i = 0; i < HOOK_PRINT(hook, tags_count); i++)
{
for (j = 0; HOOK_PRINT(hook, tags_array)[i][j]; j++)
for (ptr_tag = HOOK_PRINT(hook, tags_array)[i], j = 0; *ptr_tag;
ptr_tag++, j++)
{
log_printf (" tags_array[%03d][%03d]: '%s'",
i,
j,
HOOK_PRINT(hook, tags_array)[i][j]);
log_printf (" tags_array[%03d][%03d]: '%s'", i, j, *ptr_tag);
}
}
}
src/core/hook/wee-hook-process.c
+4 -3
View File
@@ -213,7 +213,7 @@ hook_process (struct t_weechat_plugin *plugin,
void
hook_process_child (struct t_hook *hook_process)
{
char **exec_args, *arg0, str_arg[64];
char **exec_args, *arg0, str_arg[64], **ptr_exec_arg;
const char *ptr_url, *ptr_arg;
int rc, i, num_args;
FILE *f;
@@ -353,9 +353,10 @@ hook_process_child (struct t_hook *hook_process)
{
log_printf ("hook_process, command='%s'",
HOOK_PROCESS(hook_process, command));
for (i = 0; exec_args[i]; i++)
for (ptr_exec_arg = exec_args, i = 0; *ptr_exec_arg;
ptr_exec_arg++, i++)
{
log_printf (" args[%02d] == '%s'", i, exec_args[i]);
log_printf (" args[%d] == '%s'", i, *ptr_exec_arg);
}
}
execvp (exec_args[0], exec_args);
src/core/wee-calc.c
+25 -24
View File
@@ -334,8 +334,9 @@ char *
calc_expression (const char *expr)
{
struct t_arraylist *list_values, *list_ops;
const char *ptr_expr, *ptr_expr2;
char str_result[64], *ptr_operator, *operator;
int i, i2, index_op, decimals;
int index_op, decimals;
enum t_calc_symbol last_symbol;
double value, factor, *ptr_value;
@@ -363,21 +364,21 @@ calc_expression (const char *expr)
goto end;
last_symbol = CALC_SYMBOL_NONE;
for (i = 0; expr[i]; i++)
for (ptr_expr = expr; ptr_expr[0]; ptr_expr++)
{
if (expr[i] == ' ')
if (ptr_expr[0] == ' ')
{
/* ignore spaces */
continue;
}
else if (expr[i] == '(')
else if (ptr_expr[0] == '(')
{
ptr_operator = string_strndup (expr + i, 1);
ptr_operator = string_strndup (ptr_expr, 1);
arraylist_add (list_ops, ptr_operator);
last_symbol = CALC_SYMBOL_PARENTHESIS_OPEN;
}
else if (isdigit ((unsigned char)expr[i]) || (expr[i] == '.')
|| ((expr[i] == '-')
else if (isdigit ((unsigned char)ptr_expr[0]) || (ptr_expr[0] == '.')
|| ((ptr_expr[0] == '-')
&& ((last_symbol == CALC_SYMBOL_NONE)
|| (last_symbol == CALC_SYMBOL_PARENTHESIS_OPEN)
|| (last_symbol == CALC_SYMBOL_OPERATOR))))
@@ -385,15 +386,15 @@ calc_expression (const char *expr)
value = 0;
decimals = 0;
factor = 1;
if (expr[i] == '-')
if (ptr_expr[0] == '-')
{
factor = -1;
i++;
ptr_expr++;
}
while (expr[i]
&& (isdigit ((unsigned char)expr[i]) || (expr[i] == '.')))
while (ptr_expr[0]
&& (isdigit ((unsigned char)ptr_expr[0]) || (ptr_expr[0] == '.')))
{
if (expr[i] == '.')
if (ptr_expr[0] == '.')
{
if (decimals == 0)
decimals = 10;
@@ -402,24 +403,24 @@ calc_expression (const char *expr)
{
if (decimals)
{
value = value + (((double)(expr[i] - '0')) / decimals);
value = value + (((double)(ptr_expr[0] - '0')) / decimals);
decimals *= 10;
}
else
{
value = (value * 10) + (expr[i] - '0');
value = (value * 10) + (ptr_expr[0] - '0');
}
}
i++;
ptr_expr++;
}
i--;
ptr_expr--;
value *= factor;
ptr_value = malloc (sizeof (value));
*ptr_value = value;
arraylist_add (list_values, ptr_value);
last_symbol = CALC_SYMBOL_VALUE;
}
else if (expr[i] == ')')
else if (ptr_expr[0] == ')')
{
index_op = arraylist_size (list_ops) - 1;
while (index_op >= 0)
@@ -439,15 +440,15 @@ calc_expression (const char *expr)
else
{
/* operator */
i2 = i + 1;
while (expr[i2] && (expr[i2] != ' ') && (expr[i2] != '(')
&& (expr[i2] != ')') && (expr[i2] != '.')
&& (expr[i2] != '-') && !isdigit ((unsigned char)expr[i2]))
ptr_expr2 = ptr_expr + 1;
while (ptr_expr2[0] && (ptr_expr2[0] != ' ') && (ptr_expr2[0] != '(')
&& (ptr_expr2[0] != ')') && (ptr_expr2[0] != '.')
&& (ptr_expr2[0] != '-') && !isdigit ((unsigned char)ptr_expr2[0]))
{
i2++;
ptr_expr2++;
}
operator = string_strndup (expr + i, i2 - i);
i = i2 - 1;
operator = string_strndup (ptr_expr, ptr_expr2 - ptr_expr);
ptr_expr = ptr_expr2 - 1;
if (operator)
{
index_op = arraylist_size (list_ops) - 1;
src/core/wee-command.c
+6 -6
View File
@@ -2147,7 +2147,7 @@ command_eval_print_debug (const char *debug)
COMMAND_CALLBACK(eval)
{
int i, print_only, split_command, condition, debug, error;
char *result, *ptr_args, **commands, str_debug[32];
char *result, *ptr_args, **commands, **ptr_command, str_debug[32];
const char *debug_output;
struct t_hashtable *pointers, *options;
@@ -2264,9 +2264,9 @@ COMMAND_CALLBACK(eval)
commands = string_split_command (ptr_args, ';');
if (commands)
{
for (i = 0; commands[i]; i++)
for (ptr_command = commands; *ptr_command; ptr_command++)
{
result = eval_expression (commands[i], pointers, NULL,
result = eval_expression (*ptr_command, pointers, NULL,
options);
if (result)
{
@@ -6253,7 +6253,7 @@ command_set_display_option_lists (char **argv, int arg_start, int arg_end,
COMMAND_CALLBACK(set)
{
char *value;
char *value, **ptr_environ;
const char *ptr_string;
int i, number_found, rc, display_only_changed, arg_option_start;
int arg_option_end, list_size;
@@ -6275,9 +6275,9 @@ COMMAND_CALLBACK(set)
list = weelist_new ();
if (!list)
COMMAND_ERROR;
for (i = 0; environ[i]; i++)
for (ptr_environ = environ; *ptr_environ; ptr_environ++)
{
weelist_add (list, environ[i], WEECHAT_LIST_POS_SORT, NULL);
weelist_add (list, *ptr_environ, WEECHAT_LIST_POS_SORT, NULL);
}
list_size = weelist_size (list);
for (i = 0; i < list_size; i++)
src/core/wee-completion.c
+9 -9
View File
@@ -1318,9 +1318,9 @@ completion_list_add_config_option_values_cb (const void *pointer, void *data,
struct t_gui_completion *completion)
{
char *pos_space, *option_full_name, *pos_section, *pos_option;
char *file, *section, *value_string;
char *file, *section, *value_string, **ptr_value;
const char *color_name;
int length, i;
int length;
struct t_config_file *ptr_config;
struct t_config_section *ptr_section, *section_found;
struct t_config_option *option_found;
@@ -1401,10 +1401,11 @@ completion_list_add_config_option_values_cb (const void *pointer, void *data,
case CONFIG_OPTION_TYPE_INTEGER:
if (option_found->string_values)
{
for (i = 0; option_found->string_values[i]; i++)
for (ptr_value = option_found->string_values;
*ptr_value; ptr_value++)
{
gui_completion_list_add (completion,
option_found->string_values[i],
*ptr_value,
0, WEECHAT_LIST_POS_SORT);
}
gui_completion_list_add (completion, "++1",
@@ -1884,8 +1885,7 @@ completion_list_add_env_vars_cb (const void *pointer, void *data,
struct t_gui_buffer *buffer,
struct t_gui_completion *completion)
{
int i;
char *pos, *name;
char *pos, *name, **ptr_environ;
/* make C compiler happy */
(void) pointer;
@@ -1893,12 +1893,12 @@ completion_list_add_env_vars_cb (const void *pointer, void *data,
(void) completion_item;
(void) buffer;
for (i = 0; environ[i]; i++)
for (ptr_environ = environ; *ptr_environ; ptr_environ++)
{
pos = strchr (environ[i], '=');
pos = strchr (*ptr_environ, '=');
if (pos)
{
name = string_strndup (environ[i], pos - environ[i]);
name = string_strndup (*ptr_environ, pos - *ptr_environ);
if (name)
{
gui_completion_list_add (completion, name,
src/core/wee-config.c
+5 -6
View File
@@ -893,8 +893,7 @@ void
config_change_emphasized_attributes (const void *pointer, void *data,
struct t_config_option *option)
{
int i;
const char *ptr_attr;
const char *ptr_attributes, *ptr_attr;
/* make C compiler happy */
(void) pointer;
@@ -903,12 +902,12 @@ config_change_emphasized_attributes (const void *pointer, void *data,
config_emphasized_attributes = 0;
ptr_attr = CONFIG_STRING(config_look_emphasized_attributes);
if (ptr_attr)
ptr_attributes = CONFIG_STRING(config_look_emphasized_attributes);
if (ptr_attributes)
{
for (i = 0; ptr_attr[i]; i++)
for (ptr_attr = ptr_attributes; *ptr_attr; ptr_attr++)
{
config_emphasized_attributes |= gui_color_attr_get_flag (ptr_attr[i]);
config_emphasized_attributes |= gui_color_attr_get_flag (*ptr_attr);
}
}
src/core/wee-eval.c
+11 -11
View File
@@ -506,8 +506,8 @@ char *
eval_string_split (const char *text)
{
char *pos, *pos2, *pos3, *str_number, *separators, **items, *value, *error;
char str_value[32], *str_flags, **list_flags, *strip_items;
int i, num_items, count_items, random_item, flags;
char str_value[32], *str_flags, **list_flags, *strip_items, **ptr_flag;
int num_items, count_items, random_item, flags;
long number, max_items;
str_number = NULL;
@@ -563,25 +563,25 @@ eval_string_split (const char *text)
list_flags = string_split (str_flags, "+", NULL, 0, 0, NULL);
if (list_flags)
{
for (i = 0; list_flags[i]; i++)
for (ptr_flag = list_flags; *ptr_flag; ptr_flag++)
{
if (strcmp (list_flags[i], "strip_left") == 0)
if (strcmp (*ptr_flag, "strip_left") == 0)
flags |= WEECHAT_STRING_SPLIT_STRIP_LEFT;
else if (strcmp (list_flags[i], "strip_right") == 0)
else if (strcmp (*ptr_flag, "strip_right") == 0)
flags |= WEECHAT_STRING_SPLIT_STRIP_RIGHT;
else if (strcmp (list_flags[i], "collapse_seps") == 0)
else if (strcmp (*ptr_flag, "collapse_seps") == 0)
flags |= WEECHAT_STRING_SPLIT_COLLAPSE_SEPS;
else if (strcmp (list_flags[i], "keep_eol") == 0)
else if (strcmp (*ptr_flag, "keep_eol") == 0)
flags |= WEECHAT_STRING_SPLIT_KEEP_EOL;
else if (strncmp (list_flags[i], "strip_items=", 12) == 0)
else if (strncmp (*ptr_flag, "strip_items=", 12) == 0)
{
if (strip_items)
free (strip_items);
strip_items = strdup (list_flags[i] + 12);
strip_items = strdup (*ptr_flag + 12);
}
else if (strncmp (list_flags[i], "max_items=", 10) == 0)
else if (strncmp (*ptr_flag, "max_items=", 10) == 0)
{
max_items = strtol (list_flags[i] + 10, &error, 10);
max_items = strtol (*ptr_flag + 10, &error, 10);
if (!error || error[0] || (max_items < 0))
goto end;
}
src/core/wee-string.c
+17 -32
View File
@@ -929,20 +929,20 @@ string_match (const char *string, const char *mask, int case_sensitive)
int
string_match_list (const char *string, const char **masks, int case_sensitive)
{
int match, i;
const char *ptr_mask;
int match;
const char **ptr_mask, *ptr_mask2;
if (!string || !masks)
return 0;
match = 0;
for (i = 0; masks[i]; i++)
for (ptr_mask = masks; *ptr_mask; ptr_mask++)
{
ptr_mask = (masks[i][0] == '!') ? masks[i] + 1 : masks[i];
if (string_match (string, ptr_mask, case_sensitive))
ptr_mask2 = ((*ptr_mask)[0] == '!') ? *ptr_mask + 1 : *ptr_mask;
if (string_match (string, ptr_mask2, case_sensitive))
{
if (masks[i][0] == '!')
if ((*ptr_mask)[0] == '!')
return 0;
else
match = 1;
@@ -2726,8 +2726,9 @@ string_rebuild_split_string (const char **split_string,
const char *separator,
int index_start, int index_end)
{
int i, length, length_separator;
char *result;
const char **ptr_string;
char **result;
int i;
if (!split_string || (index_start < 0)
|| ((index_end >= 0) && (index_end < index_start)))
@@ -2735,39 +2736,23 @@ string_rebuild_split_string (const char **split_string,
return NULL;
}
length = 0;
length_separator = (separator) ? strlen (separator) : 0;
result = string_dyn_alloc (256);
for (i = 0; split_string[i]; i++)
for (ptr_string = split_string, i = 0; *ptr_string; ptr_string++, i++)
{
if ((index_end >= 0) && (i > index_end))
break;
if (i >= index_start)
length += strlen (split_string[i]) + length_separator;
}
if (length == 0)
return strdup ("");
result = malloc (length + 1);
if (!result)
return NULL;
result[0] = '\0';
for (i = index_start; split_string[i]; i++)
{
if ((index_end >= 0) && (i > index_end))
break;
strcat (result, split_string[i]);
if (separator && ((index_end < 0) || (i + 1 <= index_end))
&& split_string[i + 1])
{
strcat (result, separator);
if (i > index_start)
string_dyn_concat (result, separator, -1);
string_dyn_concat (result, *ptr_string, -1);
}
if (i == INT_MAX)
break;
}
return result;
return string_dyn_free (result, 0);
}
/*
src/gui/gui-bar-window.c
+7 -6
View File
@@ -705,7 +705,7 @@ gui_bar_window_content_get_with_filling (struct t_gui_bar_window *bar_window,
char **content, str_reinit_color[32];
char str_reinit_color_space[32], str_reinit_color_space_start_line[32];
char str_start_item[32];
char *item_value, *item_value2, ****split_items, **linear_items;
char *item_value, *item_value2, ****split_items, **linear_items, **ptr_item;
int i, j, k, sub, index;
int at_least_one_item, first_sub_item;
int length_reinit_color, length_reinit_color_space, length_start_item;
@@ -860,15 +860,15 @@ gui_bar_window_content_get_with_filling (struct t_gui_bar_window *bar_window,
| WEECHAT_STRING_SPLIT_COLLAPSE_SEPS,
0,
NULL);
for (j = 0; split_items[i][sub][j]; j++)
for (ptr_item = split_items[i][sub]; *ptr_item; ptr_item++)
{
total_items++;
length = strlen (split_items[i][sub][j]);
length = strlen (*ptr_item);
if (length > max_length)
max_length = length;
length = gui_chat_strlen_screen (split_items[i][sub][j]);
length = gui_chat_strlen_screen (*ptr_item);
if (length > max_length_screen)
max_length_screen = length;
}
@@ -915,9 +915,10 @@ gui_bar_window_content_get_with_filling (struct t_gui_bar_window *bar_window,
{
if (split_items[i][sub])
{
for (j = 0; split_items[i][sub][j]; j++)
for (ptr_item = split_items[i][sub]; *ptr_item;
ptr_item++)
{
linear_items[index++] = split_items[i][sub][j];
linear_items[index++] = *ptr_item;
}
}
}
src/gui/gui-key.c
+12 -12
View File
@@ -1046,9 +1046,9 @@ gui_key_focus_command (const char *key, int context,
struct t_hashtable **hashtable_focus)
{
struct t_gui_key *ptr_key;
int i, matching, debug, rc;
int matching, debug, rc;
unsigned long value;
char *command, **commands;
char *command, **commands, **ptr_command;
const char *str_buffer;
struct t_hashtable *hashtable;
struct t_weelist *list_keys;
@@ -1134,25 +1134,25 @@ gui_key_focus_command (const char *key, int context,
commands = string_split_command (ptr_key->command, ';');
if (commands)
{
for (i = 0; commands[i]; i++)
for (ptr_command = commands; *ptr_command; ptr_command++)
{
if (string_strncasecmp (commands[i], "hsignal:", 8) == 0)
if (string_strncasecmp (*ptr_command, "hsignal:", 8) == 0)
{
if (commands[i][8])
if ((*ptr_command)[8])
{
if (debug)
{
gui_chat_printf (NULL,
_("Sending hsignal: \"%s\""),
commands[i] + 8);
*ptr_command + 8);
}
(void) hook_hsignal_send (commands[i] + 8,
(void) hook_hsignal_send (*ptr_command + 8,
hashtable);
}
}
else
{
command = eval_expression (commands[i], NULL,
command = eval_expression (*ptr_command, NULL,
hashtable, NULL);
if (command)
{
@@ -1293,9 +1293,9 @@ gui_key_is_complete (const char *key)
int
gui_key_pressed (const char *key_str)
{
int i, first_key, context, length, length_key, rc, signal_sent;
int first_key, context, length, length_key, rc, signal_sent;
struct t_gui_key *ptr_key;
char *pos, signal_name[128], **commands;
char *pos, signal_name[128], **commands, **ptr_command;
signal_sent = 0;
@@ -1390,10 +1390,10 @@ gui_key_pressed (const char *key_str)
commands = string_split_command (ptr_key->command, ';');
if (commands)
{
for (i = 0; commands[i]; i++)
for (ptr_command = commands; *ptr_command; ptr_command++)
{
(void) input_data (gui_current_window->buffer,
commands[i], NULL);
*ptr_command, NULL);
}
string_free_split (commands);
}
src/gui/gui-line.c
+6 -5
View File
@@ -759,8 +759,9 @@ int
gui_line_match_tags (struct t_gui_line_data *line_data,
int tags_count, char ***tags_array)
{
int i, j, k, match, tag_found, tag_negated;
int i, j, match, tag_found, tag_negated;
const char *ptr_tag;
char **ptr;
if (!line_data)
return 0;
@@ -768,9 +769,9 @@ gui_line_match_tags (struct t_gui_line_data *line_data,
for (i = 0; i < tags_count; i++)
{
match = 1;
for (j = 0; tags_array[i][j]; j++)
for (ptr = tags_array[i]; *ptr; ptr++)
{
ptr_tag = tags_array[i][j];
ptr_tag = *ptr;
tag_found = 0;
tag_negated = 0;
@@ -787,9 +788,9 @@ gui_line_match_tags (struct t_gui_line_data *line_data,
}
else
{
for (k = 0; k < line_data->tags_count; k++)
for (j = 0; j < line_data->tags_count; j++)
{
if (string_match (line_data->tags_array[k], ptr_tag, 0))
if (string_match (line_data->tags_array[j], ptr_tag, 0))
{
tag_found = 1;
break;