core: fix buffer overflow in function utf8_next_char and return NULL for empty string

Now the function utf8_next_char with an empty string returns NULL instead of the next char, which is most of the time after an allocated buffer. And the function utf8_char_size with an empty string now returns 0 instead of 1. This indirectly fixes a buffer overflow in function eval_string_range_chars when the input string is empty (for example when doing `/eval -n ${chars:}`).
2026-06-28 22:06:38 +02:00 · 2025-05-10 20:40:09 +02:00
parent 6ecd9e66bf
commit d475c16671
12 changed files with 126 additions and 48 deletions
@@ -834,7 +834,7 @@ spell_modifier_cb (const void *pointer, void *data,
    }

    current_pos = 0;
-    while (ptr_string[0])
+    while (ptr_string && ptr_string[0])
    {
        ptr_string_orig = NULL;

@@ -885,7 +885,7 @@ spell_modifier_cb (const void *pointer, void *data,
                word_end_pos_valid = word_end_pos;
            }
            ptr_end = (char *)weechat_utf8_next_char (ptr_end);
-            if (!ptr_end[0])
+            if (!ptr_end || !ptr_end[0])
                break;
            code_point = weechat_utf8_char_int (ptr_end);
        }
@@ -906,7 +906,7 @@ spell_modifier_cb (const void *pointer, void *data,
                while (!iswspace (code_point))
                {
                    ptr_end = (char *)weechat_utf8_next_char (ptr_end);
-                    if (!ptr_end[0])
+                    if (!ptr_end || !ptr_end[0])
                        break;
                    code_point = weechat_utf8_char_int (ptr_end);
                }