1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-04 08:43:13 +02:00

core: fix buffer overflow in function utf8_next_char and return NULL for empty string

Now the function utf8_next_char with an empty string returns NULL instead of
the next char, which is most of the time after an allocated buffer.

And the function utf8_char_size with an empty string now returns 0 instead of
1.

This indirectly fixes a buffer overflow in function eval_string_range_chars
when the input string is empty (for example when doing `/eval -n ${chars:}`).
This commit is contained in:
Sébastien Helleu
2025-05-10 20:40:09 +02:00
parent 6ecd9e66bf
commit d475c16671
12 changed files with 126 additions and 48 deletions
+14 -7
View File
@@ -323,9 +323,11 @@ gui_completion_nick_has_ignored_chars (const char *string)
int char_size;
char utf_char[16];
while (string[0])
while (string && string[0])
{
char_size = utf8_char_size (string);
if (char_size < 1)
break;
memcpy (utf_char, string, char_size);
utf_char[char_size] = '\0';
@@ -352,9 +354,11 @@ gui_completion_nick_strdup_ignore_chars (const char *string)
result = malloc (strlen (string) + 1);
pos = result;
while (string[0])
while (string && string[0])
{
char_size = utf8_char_size (string);
if (char_size < 1)
break;
memcpy (utf_char, string, char_size);
utf_char[char_size] = '\0';
@@ -915,13 +919,16 @@ gui_completion_find_context (struct t_gui_completion *completion,
if (string_is_command_char (ptr_data))
{
ptr_data = utf8_next_char (ptr_data);
if (ptr_data < data + pos)
if (ptr_data)
{
if (string_is_command_char (ptr_data))
ptr_data = utf8_next_char (ptr_data);
if (ptr_data < data + pos)
{
if (string_is_command_char (ptr_data))
ptr_data = utf8_next_char (ptr_data);
}
if (!string_is_command_char (ptr_data))
ptr_command = ptr_data;
}
if (!string_is_command_char (ptr_data))
ptr_command = ptr_data;
}
/*