Mirrors/fish-shell
2
0
Fork 0
mirror of https://github.com/fish-shell/fish-shell synced 2024-12-26 12:53:13 +00:00
Code Issues Projects Releases Packages Wiki Activity

Fix a buffer overflow in cached_esc_sequences_t::find_entry

Browse source 
cached_esc_sequences_t::find_entry was constructing a wcstring
from a c string, using lengths longer than the length of the cstring.

Detected with asan.
This commit is contained in:
ridiculousfish 2017-03-26 12:48:36 -07:00
parent 3d6c4adda9
commit 9f13edbe4a
1 changed files with 2 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/screen.h
View file

@ -242,7 +242,9 @@ class cached_esc_sequences_t {
} }
size_t find_entry(const wchar_t *entry) { size_t find_entry(const wchar_t *entry) {
size_t entry_len = wcslen(entry);
for (auto len : lengths) { for (auto len : lengths) {
if (len > entry_len) continue;
auto match = cache.find(wcstring(entry, len)); auto match = cache.find(wcstring(entry, len));
if (match != cache.end()) { // we found a matching cached sequence if (match != cache.end()) { // we found a matching cached sequence
// Periodically sort the sequence lengths so we check for matches going from the // Periodically sort the sequence lengths so we check for matches going from the