From 9ab9ee194cc9fd26c7548a27d702e65be5391dc1 Mon Sep 17 00:00:00 2001
From: tg
Date: Tue, 17 May 2016 15:36:35 +0000
Subject: [PATCH] =?UTF-8?q?fix=20shf.c-internal=20buffer=20overread=20on?= =?UTF-8?q?=20printing=20digits,=20introduced=20by=20the=20utf=5Fskipcols(?= =?UTF-8?q?)-related=20fixes,=20more=20specifically=20the=20check=20for=20?= =?UTF-8?q?combining=20multibyte=20characters=20past=20end=20of=20given=20?= =?UTF-8?q?width=20(bogus=20mixed-up=20semantics=20we=20have=20here)=20by?= =?UTF-8?q?=20re=C3=AFntroducing=20the=20NUL=20byte=20from=20commitid=2010?= =?UTF-8?q?05474EE1E4024A4E4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 check.t | 6 +++---
 sh.h | 4 ++--
 shf.c | 7 ++++---
 3 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/check.t b/check.t
index 3492e9c..f7b175b 100644
--- a/check.t
+++ b/check.t
@@ -1,4 +1,4 @@
-# $MirOS: src/bin/mksh/check.t,v 1.731 2016/05/05 22:58:19 tg Exp $
+# $MirOS: src/bin/mksh/check.t,v 1.732 2016/05/17 15:36:31 tg Exp $
 # -*- mode: sh -*-
 #-
 # Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010,
@@ -30,7 +30,7 @@
 # (2013/12/02 20:39:44) http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date
 expected-stdout:
- @(#)MIRBSD KSH R52 2016/05/05
+ @(#)MIRBSD KSH R52 2016/05/17
 description:
 Check version of shell.
 stdin:
@@ -39,7 +39,7 @@ name: KSH_VERSION
 category: shell:legacy-no
 ---
 expected-stdout:
- @(#)LEGACY KSH R52 2016/05/05
+ @(#)LEGACY KSH R52 2016/05/17
 description:
 Check version of legacy shell.
 stdin:
diff --git a/sh.h b/sh.h
index 15afcfe..f06327c 100644
--- a/sh.h
+++ b/sh.h
@@ -175,9 +175,9 @@
 #endif
 #ifdef EXTERN
-__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.771 2016/05/05 22:56:14 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/sh.h,v 1.772 2016/05/17 15:36:34 tg Exp $");
 #endif
-#define MKSH_VERSION "R52 2016/05/05"
+#define MKSH_VERSION "R52 2016/05/17"
 /* arithmetic types: C implementation */
 #if !HAVE_CAN_INTTYPES
diff --git a/shf.c b/shf.c
index bdd799b..06b6e5c 100644
--- a/shf.c
+++ b/shf.c
@@ -25,7 +25,7 @@
 #include "sh.h"
-__RCSID("$MirOS: src/bin/mksh/shf.c,v 1.73 2016/05/05 22:56:15 tg Exp $");
+__RCSID("$MirOS: src/bin/mksh/shf.c,v 1.74 2016/05/17 15:36:35 tg Exp $");
 /* flags to shf_emptybuf() */
 #define EB_READSW 0x01 /* about to switch to reading */
@@ -774,7 +774,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args)
 size_t field, precision, len;
 unsigned long lnum;
 /* %#o produces the longest output */
- char numbuf[(8 * sizeof(long) + 2) / 3 + 1];
+ char numbuf[(8 * sizeof(long) + 2) / 3 + 1 + /* NUL */ 1];
 /* this stuff for dealing with the buffer */
 ssize_t nwritten = 0;
@@ -914,6 +914,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args)
 integral:
 flags |= FL_NUMBER;
 cp = numbuf + sizeof(numbuf);
+ *--cp = '\0';
 switch (c) {
 case 'd':
@@ -964,7 +965,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args)
 }
 }
 }
- len = numbuf + sizeof(numbuf) - (s = cp);
+ len = numbuf + sizeof(numbuf) - 1 - (s = cp);
 if (flags & FL_DOT) {
 if (precision > len) {
 field = precision;
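Review bot: The `- 1` in `len = numbuf + sizeof(numbuf) - 1 - (s = cp);` (hunk at 964) is correct only because of the sentinel stored by `*--cp = '\0';` (hunk at 914) and the extra byte in the `numbuf` declaration (hunk at 774), yet nothing at the `len` line says so. I would add `/* exclude the trailing NUL stored at integral: */` on the `len` line and `/* a reader may look at s[len]; keep it NUL */` next to the store, so a later edit to one of the three sites does not quietly reintroduce the overread. Going by the commit message, the byte past `len` is read by the width/combining-character check, which lies outside these hunks together with the rest of shf_vfprintf. Any other conversion there that points `s` into `numbuf` would need the same terminator, and bounding that lookahead by `len` would be sturdier than relying on the sentinel.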