diff options
| author | Ron Yorston <rmy@pobox.com> | 2015-08-04 17:10:37 +0100 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2015-08-16 18:54:49 +0200 |
| commit | 26ccd3d062a1949d3fd73b01cdf55e700bde1981 (patch) | |
| tree | 0b130cf233750e71331916729bacebea5cc70b62 | |
| parent | 72dcbe4df7f02b2176daf70c68835fc8a053a219 (diff) | |
| download | busybox-w32-26ccd3d062a1949d3fd73b01cdf55e700bde1981.tar.gz busybox-w32-26ccd3d062a1949d3fd73b01cdf55e700bde1981.tar.bz2 busybox-w32-26ccd3d062a1949d3fd73b01cdf55e700bde1981.zip | |
less: fix botched attempt to use last column
Commit 1ecb996 attempted to make read_lines() use the last column of
the terminal (as re_wrap() did). There were two problems with this:
- The size of the buffer allocated for lines wasn't increased to allow
for the extra character.
- The test for width overflow was moved after the point where the
next character was added to the buffer. This caused a buffer overflow
in certain circumstances.
For example, if the line beyond the end of the display was wider than
the display read_lines() would initially read the partial line into a
buffer. When the user moved down read_lines() would be called again
to ensure the rest of the line was read. This would place the next
character in the partial line before checking for overflow.
This can be fixed by moving the test for overflow back to where it was
before commit 1ecb996 and changing the comparison to `>` rather than
`>=`.
There are two other places where buffers are created without allowing
for width+1 characters.
Signed-off-by: Ron Yorston <rmy@pobox.com>
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
| -rw-r--r-- | miscutils/less.c | 28 |
1 files changed, 14 insertions, 14 deletions
diff --git a/miscutils/less.c b/miscutils/less.c index 7a441bf7e..ccdb15fdc 100644 --- a/miscutils/less.c +++ b/miscutils/less.c | |||
| @@ -456,7 +456,7 @@ static void read_lines(void) | |||
| 456 | if (option_mask32 & FLAG_N) | 456 | if (option_mask32 & FLAG_N) |
| 457 | w -= 8; | 457 | w -= 8; |
| 458 | 458 | ||
| 459 | p = current_line = ((char*)xmalloc(w + 4)) + 4; | 459 | p = current_line = ((char*)xmalloc(w + 5)) + 4; |
| 460 | if (!last_terminated) { | 460 | if (!last_terminated) { |
| 461 | const char *cp = flines[max_fline]; | 461 | const char *cp = flines[max_fline]; |
| 462 | p = stpcpy(p, cp); | 462 | p = stpcpy(p, cp); |
| @@ -509,6 +509,16 @@ static void read_lines(void) | |||
| 509 | *--p = '\0'; | 509 | *--p = '\0'; |
| 510 | continue; | 510 | continue; |
| 511 | } | 511 | } |
| 512 | { | ||
| 513 | size_t new_last_line_pos = last_line_pos + 1; | ||
| 514 | if (c == '\t') { | ||
| 515 | new_last_line_pos += 7; | ||
| 516 | new_last_line_pos &= (~7); | ||
| 517 | } | ||
| 518 | if ((int)new_last_line_pos > w) | ||
| 519 | break; | ||
| 520 | last_line_pos = new_last_line_pos; | ||
| 521 | } | ||
| 512 | /* ok, we will eat this char */ | 522 | /* ok, we will eat this char */ |
| 513 | readpos++; | 523 | readpos++; |
| 514 | if (c == '\n') { | 524 | if (c == '\n') { |
| @@ -520,16 +530,6 @@ static void read_lines(void) | |||
| 520 | if (c == '\0') c = '\n'; | 530 | if (c == '\0') c = '\n'; |
| 521 | *p++ = c; | 531 | *p++ = c; |
| 522 | *p = '\0'; | 532 | *p = '\0'; |
| 523 | { | ||
| 524 | size_t new_last_line_pos = last_line_pos + 1; | ||
| 525 | if (c == '\t') { | ||
| 526 | new_last_line_pos += 7; | ||
| 527 | new_last_line_pos &= (~7); | ||
| 528 | } | ||
| 529 | if ((int)new_last_line_pos >= w) | ||
| 530 | break; | ||
| 531 | last_line_pos = new_last_line_pos; | ||
| 532 | } | ||
| 533 | } /* end of "read chars until we have a line" loop */ | 533 | } /* end of "read chars until we have a line" loop */ |
| 534 | #if 0 | 534 | #if 0 |
| 535 | //BUG: also triggers on this: | 535 | //BUG: also triggers on this: |
| @@ -573,7 +573,7 @@ static void read_lines(void) | |||
| 573 | break; | 573 | break; |
| 574 | } | 574 | } |
| 575 | max_fline++; | 575 | max_fline++; |
| 576 | current_line = ((char*)xmalloc(w + 4)) + 4; | 576 | current_line = ((char*)xmalloc(w + 5)) + 4; |
| 577 | p = current_line; | 577 | p = current_line; |
| 578 | last_line_pos = 0; | 578 | last_line_pos = 0; |
| 579 | } /* end of "read lines until we reach cur_fline" loop */ | 579 | } /* end of "read lines until we reach cur_fline" loop */ |
| @@ -755,7 +755,7 @@ static void print_found(const char *line) | |||
| 755 | char *growline; | 755 | char *growline; |
| 756 | regmatch_t match_structs; | 756 | regmatch_t match_structs; |
| 757 | 757 | ||
| 758 | char buf[width]; | 758 | char buf[width+1]; |
| 759 | const char *str = line; | 759 | const char *str = line; |
| 760 | char *p = buf; | 760 | char *p = buf; |
| 761 | size_t n; | 761 | size_t n; |
| @@ -814,7 +814,7 @@ void print_found(const char *line); | |||
| 814 | 814 | ||
| 815 | static void print_ascii(const char *str) | 815 | static void print_ascii(const char *str) |
| 816 | { | 816 | { |
| 817 | char buf[width]; | 817 | char buf[width+1]; |
| 818 | char *p; | 818 | char *p; |
| 819 | size_t n; | 819 | size_t n; |
| 820 | 820 | ||