fix shf.c-internal buffer overread on printing digits,
introduced by the utf_skipcols()-related fixes, more specifically the check for combining multibyte characters past end of given width (bogus mixed-up semantics we have here) by reïntroducing the NUL byte from commitid 1005474EE1E4024A4E4
This commit is contained in:
		
							
								
								
									
										6
									
								
								check.t
									
									
									
									
									
								
							
							
						
						
									
										6
									
								
								check.t
									
									
									
									
									
								
							| @@ -1,4 +1,4 @@ | ||||
| # $MirOS: src/bin/mksh/check.t,v 1.731 2016/05/05 22:58:19 tg Exp $ | ||||
| # $MirOS: src/bin/mksh/check.t,v 1.732 2016/05/17 15:36:31 tg Exp $ | ||||
| # -*- mode: sh -*- | ||||
| #- | ||||
| # Copyright © 2003, 2004, 2005, 2006, 2007, 2008, 2009, 2010, | ||||
| @@ -30,7 +30,7 @@ | ||||
| # (2013/12/02 20:39:44) http://openbsd.cs.toronto.edu/cgi-bin/cvsweb/src/regress/bin/ksh/?sortby=date | ||||
|  | ||||
| expected-stdout: | ||||
| 	@(#)MIRBSD KSH R52 2016/05/05 | ||||
| 	@(#)MIRBSD KSH R52 2016/05/17 | ||||
| description: | ||||
| 	Check version of shell. | ||||
| stdin: | ||||
| @@ -39,7 +39,7 @@ name: KSH_VERSION | ||||
| category: shell:legacy-no | ||||
| --- | ||||
| expected-stdout: | ||||
| 	@(#)LEGACY KSH R52 2016/05/05 | ||||
| 	@(#)LEGACY KSH R52 2016/05/17 | ||||
| description: | ||||
| 	Check version of legacy shell. | ||||
| stdin: | ||||
|   | ||||
							
								
								
									
										4
									
								
								sh.h
									
									
									
									
									
								
							
							
						
						
									
										4
									
								
								sh.h
									
									
									
									
									
								
							| @@ -175,9 +175,9 @@ | ||||
| #endif | ||||
|  | ||||
| #ifdef EXTERN | ||||
| __RCSID("$MirOS: src/bin/mksh/sh.h,v 1.771 2016/05/05 22:56:14 tg Exp $"); | ||||
| __RCSID("$MirOS: src/bin/mksh/sh.h,v 1.772 2016/05/17 15:36:34 tg Exp $"); | ||||
| #endif | ||||
| #define MKSH_VERSION "R52 2016/05/05" | ||||
| #define MKSH_VERSION "R52 2016/05/17" | ||||
|  | ||||
| /* arithmetic types: C implementation */ | ||||
| #if !HAVE_CAN_INTTYPES | ||||
|   | ||||
							
								
								
									
										7
									
								
								shf.c
									
									
									
									
									
								
							
							
						
						
									
										7
									
								
								shf.c
									
									
									
									
									
								
							| @@ -25,7 +25,7 @@ | ||||
|  | ||||
| #include "sh.h" | ||||
|  | ||||
| __RCSID("$MirOS: src/bin/mksh/shf.c,v 1.73 2016/05/05 22:56:15 tg Exp $"); | ||||
| __RCSID("$MirOS: src/bin/mksh/shf.c,v 1.74 2016/05/17 15:36:35 tg Exp $"); | ||||
|  | ||||
| /* flags to shf_emptybuf() */ | ||||
| #define EB_READSW	0x01	/* about to switch to reading */ | ||||
| @@ -774,7 +774,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args) | ||||
| 	size_t field, precision, len; | ||||
| 	unsigned long lnum; | ||||
| 	/* %#o produces the longest output */ | ||||
| 	char numbuf[(8 * sizeof(long) + 2) / 3 + 1]; | ||||
| 	char numbuf[(8 * sizeof(long) + 2) / 3 + 1 + /* NUL */ 1]; | ||||
| 	/* this stuff for dealing with the buffer */ | ||||
| 	ssize_t nwritten = 0; | ||||
|  | ||||
| @@ -914,6 +914,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args) | ||||
|  integral: | ||||
| 			flags |= FL_NUMBER; | ||||
| 			cp = numbuf + sizeof(numbuf); | ||||
| 			*--cp = '\0'; | ||||
|  | ||||
| 			switch (c) { | ||||
| 			case 'd': | ||||
| @@ -964,7 +965,7 @@ shf_vfprintf(struct shf *shf, const char *fmt, va_list args) | ||||
| 				} | ||||
| 			    } | ||||
| 			} | ||||
| 			len = numbuf + sizeof(numbuf) - (s = cp); | ||||
| 			len = numbuf + sizeof(numbuf) - 1 - (s = cp); | ||||
| 			if (flags & FL_DOT) { | ||||
| 				if (precision > len) { | ||||
| 					field = precision; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user