From aa54d3653cfb68603bf55bb0b12b1172715f6be3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= Date: Sat, 10 May 2025 09:49:45 +0200 Subject: [PATCH] core: fix buffer overflow in function eval_syntax_highlight_colorize --- CHANGELOG.md | 1 + src/core/core-eval.c | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7ef097e63..65bae90a9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -28,6 +28,7 @@ SPDX-License-Identifier: GPL-3.0-or-later - core: fix integer overflow with decimal numbers in calculation of expression - core: fix integer overflow in base32 encoding/decoding - core: fix buffer overflow in function util_parse_time +- core: fix buffer overflow in function eval_syntax_highlight_colorize - core: fix memory leak in function util_parse_delay - irc: display nick changes and quit messages when option irc.look.ignore_tag_messages is enabled ([#2241](https://github.com/weechat/weechat/issues/2241)) - perl: fix build when multiplicity is not available ([#2243](https://github.com/weechat/weechat/issues/2243)) diff --git a/src/core/core-eval.c b/src/core/core-eval.c index 001111f25..438f274df 100644 --- a/src/core/core-eval.c +++ b/src/core/core-eval.c @@ -1574,7 +1574,8 @@ eval_syntax_highlight_colorize (const char *value) else if (ptr_value[0] == '-') color--; } - ptr_value++; + if (ptr_value[0]) + ptr_value++; if (config_num_eval_syntax_colors > 0) { string_dyn_concat (