pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-26 04:46:37 +02:00
Code Activity

core: fix buffer overflow in function utf8_next_char and return NULL for empty string

Browse Source 
Now the function utf8_next_char with an empty string returns NULL instead of
the next char, which is most of the time after an allocated buffer.

And the function utf8_char_size with an empty string now returns 0 instead of
1.

This indirectly fixes a buffer overflow in function eval_string_range_chars
when the input string is empty (for example when doing `/eval -n ${chars:}`).
This commit is contained in:
Sébastien Helleu
2025-05-10 20:40:09 +02:00
parent 6ecd9e66bf
commit d475c16671
12 changed files with 126 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files
src/plugins/alias/alias.c
+15 -6
View File
@@ -420,6 +420,7 @@ void
alias_hook_command (struct t_alias *alias)
{
char *str_priority_name, *str_completion;
const char *ptr_command;
if (alias->hook)
{
@@ -442,11 +443,10 @@ alias_hook_command (struct t_alias *alias)
str_completion = NULL;
if (!alias->completion)
{
weechat_asprintf (
&str_completion,
"%%%%%s",
(weechat_string_is_command_char (alias->command)) ?
weechat_utf8_next_char (alias->command) : alias->command);
ptr_command = (weechat_string_is_command_char (alias->command)) ?
weechat_utf8_next_char (alias->command) : alias->command;
weechat_asprintf (&str_completion, "%%%%%s",
(ptr_command) ? ptr_command : "");
}
alias->hook = weechat_hook_command (
@@ -681,11 +681,20 @@ alias_new (const char *name, const char *command, const char *completion)
if (!command || !command[0])
return NULL;
while (weechat_string_is_command_char (name))
while (name && weechat_string_is_command_char (name))
{
name = weechat_utf8_next_char (name);
}
if (!name || !name[0])
{
weechat_printf (NULL,
_("%s%s: invalid alias name: \"%s\""),
weechat_prefix ("error"), ALIAS_PLUGIN_NAME,
"");
return NULL;
}
ptr_alias = alias_search (name);
alias_free (ptr_alias);
src/plugins/irc/irc-message.c
+2 -2
View File
@@ -1079,12 +1079,12 @@ irc_message_split_string (struct t_irc_message_split_context *context,
pos = arguments;
pos_max = pos + max_length;
pos_last_delim = NULL;
while (pos[0])
while (pos && pos[0])
{
if (pos[0] == delimiter)
pos_last_delim = pos;
pos_next = weechat_utf8_next_char (pos);
if (pos_next > pos_max)
if (!pos_next || (pos_next > pos_max))
break;
pos = pos_next;
}
src/plugins/spell/spell.c
+3 -3
View File
@@ -834,7 +834,7 @@ spell_modifier_cb (const void *pointer, void *data,
}
current_pos = 0;
while (ptr_string[0])
while (ptr_string && ptr_string[0])
{
ptr_string_orig = NULL;
@@ -885,7 +885,7 @@ spell_modifier_cb (const void *pointer, void *data,
word_end_pos_valid = word_end_pos;
}
ptr_end = (char *)weechat_utf8_next_char (ptr_end);
if (!ptr_end[0])
if (!ptr_end || !ptr_end[0])
break;
code_point = weechat_utf8_char_int (ptr_end);
}
@@ -906,7 +906,7 @@ spell_modifier_cb (const void *pointer, void *data,
while (!iswspace (code_point))
{
ptr_end = (char *)weechat_utf8_next_char (ptr_end);
if (!ptr_end[0])
if (!ptr_end || !ptr_end[0])
break;
code_point = weechat_utf8_char_int (ptr_end);
}
src/plugins/trigger/trigger.c
+2 -2
View File
@@ -700,11 +700,11 @@ trigger_regex_split (const char *str_regex,
/* search the delimiter (which can be more than one char) */
pos = weechat_utf8_next_char (ptr_regex);
while (pos[0] && (weechat_string_charcmp (ptr_regex, pos) == 0))
while (pos && pos[0] && (weechat_string_charcmp (ptr_regex, pos) == 0))
{
pos = weechat_utf8_next_char (pos);
}
if (!pos[0])
if (!pos || !pos[0])
goto format_error;
delimiter = weechat_strndup (ptr_regex, pos - ptr_regex);
if (!delimiter)