pegasus/weechat
1
0
Fork 0
mirror of https://github.com/weechat/weechat.git synced 2026-06-12 14:14:48 +02:00
Code Activity

xfer: fix out-of-bounds read in xfer_chat_recv_cb on empty line (#2323)

Browse Source
This commit is contained in:
aizu-m
2026-06-06 10:31:18 +05:30
committed by Sébastien Helleu
parent 30529057c8
commit f91f92b48f
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files
CHANGELOG.md
+1
View File
@@ -15,6 +15,7 @@ SPDX-License-Identifier: GPL-3.0-or-later
- irc: fix out-of-bounds read on incoming DCC command with a quoted filename ending the message
- relay: limit size of received websocket frame and HTTP body to prevent memory exhaustion
- xfer: replace directory separator in remote nick by underscore in download filename to prevent writing the file outside the download directory
- xfer: fix out-of-bounds read when receiving empty line in DCC chat ([#2323](https://github.com/weechat/weechat/issues/2323))
## Version 4.9.1 (2026-05-31)
src/plugins/xfer/xfer-chat.c
+1 -1
View File
@@ -162,7 +162,7 @@ xfer_chat_recv_cb (const void *pointer, void *data, int fd)
{
ctcp_action = 0;
length = strlen (ptr_buf);
if (ptr_buf[length - 1] == '\r')
if ((length > 0) && (ptr_buf[length - 1] == '\r'))
{
ptr_buf[length - 1] = '\0';
length--;