diff options
author | Tavian Barnes <tavianator@tavianator.com> | 2024-10-02 16:01:36 -0400 |
---|---|---|
committer | Tavian Barnes <tavianator@tavianator.com> | 2024-10-02 16:08:44 -0400 |
commit | f5eaadb96fb94b2d3666e53a99495840a3099aec (patch) | |
tree | 92343f68c9b8391e9feb158e87169de32c29b98e | |
parent | 9c9dc01f38c808948c6ea508503f913fa800bb9a (diff) | |
download | bfs-f5eaadb96fb94b2d3666e53a99495840a3099aec.tar.xz |
color: Fix an assertion failure with embedded NUL bytes
Leading NUL bytes (e.g. `*\0.gz=...`) could cause us to insert a
non-prefix-free set of strings into the case-insensitive extension trie,
which would lead to crashes like
bfs: trie_split@src/trie.c:538: Assertion failed: `key_nibble != rep_nibble`
and OOB accesses to trie leaf keys. Fix it by ignoring those
extensions, since filenames cannot contain NUL bytes.
Fixes: 08030aea ("color: Delay the case_sensitive decision")
-rw-r--r-- | src/color.c | 10 | ||||
-rw-r--r-- | tests/bfs/color_ext_case_nul.out | 27 | ||||
-rw-r--r-- | tests/bfs/color_ext_case_nul.sh | 5 |
3 files changed, 42 insertions, 0 deletions
diff --git a/src/color.c b/src/color.c index 37a22f9..0885726 100644 --- a/src/color.c +++ b/src/color.c @@ -237,6 +237,16 @@ static int insert_ext(struct trie *trie, struct ext_color *ext) { /** Set the color for an extension. */ static int set_ext(struct colors *colors, dchar *key, dchar *value) { size_t len = dstrlen(key); + + // Embedded NUL bytes in extensions can lead to a non-prefix-free + // set of strings, e.g. {".gz", "\0.gz"} would be transformed to + // {"zg.\0", "zg.\0\0"} (showing the implicit terminating NUL). + // Our trie implementation only supports prefix-free key sets, but + // luckily '\0' cannot appear in filenames so we can ignore them. + if (memchr(key, '\0', len)) { + return 0; + } + struct ext_color *ext = varena_alloc(&colors->ext_arena, len + 1); if (!ext) { return -1; diff --git a/tests/bfs/color_ext_case_nul.out b/tests/bfs/color_ext_case_nul.out new file mode 100644 index 0000000..8ccd9a7 --- /dev/null +++ b/tests/bfs/color_ext_case_nul.out @@ -0,0 +1,27 @@ +[01;34m$'rainbow/\e[1m'[0m +[01;34m$'rainbow/\e[1m/'[0m$'\e[0m' +[01;34mrainbow[0m +[01;34mrainbow/[0m[01;31mlower.gz[0m +[01;34mrainbow/[0m[01;31mlower.tar.gz[0m +[01;34mrainbow/[0m[01;31mlu.tar.GZ[0m +[01;34mrainbow/[0m[01;31mul.TAR.gz[0m +[01;34mrainbow/[0m[01;31mupper.GZ[0m +[01;34mrainbow/[0m[01;31mupper.TAR.GZ[0m +[01;34mrainbow/[0m[01;32mexec.sh[0m +[01;34mrainbow/[0m[01;35msocket[0m +[01;34mrainbow/[0m[01;36mbroken[0m +[01;34mrainbow/[0m[01;36mchardev_link[0m +[01;34mrainbow/[0m[01;36mlink.txt[0m +[01;34mrainbow/[0m[30;42msticky_ow[0m +[01;34mrainbow/[0m[30;43msgid[0m +[01;34mrainbow/[0m[33mpipe[0m +[01;34mrainbow/[0m[34;42mow[0m +[01;34mrainbow/[0m[37;41msugid[0m +[01;34mrainbow/[0m[37;41msuid[0m +[01;34mrainbow/[0m[37;44msticky[0m +[01;34mrainbow/[0mfile.dat +[01;34mrainbow/[0mfile.txt +[01;34mrainbow/[0mlower.tar +[01;34mrainbow/[0mmh1 +[01;34mrainbow/[0mmh2 +[01;34mrainbow/[0mupper.TAR diff --git a/tests/bfs/color_ext_case_nul.sh b/tests/bfs/color_ext_case_nul.sh new file mode 100644 index 0000000..68fea1c --- /dev/null +++ b/tests/bfs/color_ext_case_nul.sh @@ -0,0 +1,5 @@ +# Regression test: embedded NUL bytes in an extension caused an assertion +# failure in the trie implementation + +export LS_COLORS='*.gz=01;31:*\0.GZ=01;32:' +bfs_diff rainbow -color |