diff options
| author | Tavian Barnes <tavianator@tavianator.com> | 2023-09-06 14:59:59 -0400 |
|---|---|---|
| committer | Tavian Barnes <tavianator@tavianator.com> | 2023-09-06 16:31:04 -0400 |
| commit | 377709664480a30fa5acdd11c7ca8c16669678ce (patch) | |
| tree | 3478c5b632658c9babb23c48406f082fb178d400 /tests/bfstd.c | |
| parent | 37dd040e04bd23293b6e46f8f5af22ea07717894 (diff) | |
| download | bfs-377709664480a30fa5acdd11c7ca8c16669678ce.tar.xz | |
bfstd: Fix an OOB string index in xmbrtowc()
This bug could be reproduced with something like
$ bfs -samefile $'\xFA\xFA'
bfs: error: bfs: dstrnescat@src/dstring.c:252: wordesc() result truncated
or worse, with -DNDEBUG,
$ bfs -samefile $'.....................\xFA\xFA'
bfs: error: bfs -samefile $'.....................\xFA\xFA\x00\x55\x53\x45\x52\x3D\x74\x61\x76\x69\x61\x6E\x61\x74\x6F\x72
bfs: error: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
bfs: error: No such file or directory.
which prints the memory after the end of the string (in this case, the
environment variable USER=tavianator).
The bug was caused by the line `*i += len`, which was intended to be
`*i = len`. But actually, the right behaviour seems to be `*i += 1`.
Fixes: 19c96abe0a1ee56cf206fd5e87defb1fd3e0daa5
Diffstat (limited to 'tests/bfstd.c')
| -rw-r--r-- | tests/bfstd.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/tests/bfstd.c b/tests/bfstd.c index fa854a8..2db084a 100644 --- a/tests/bfstd.c +++ b/tests/bfstd.c @@ -23,6 +23,15 @@ static void check_base_dir(const char *path, const char *dir, const char *base) free(xbase); } +/** Check the result of wordesc(). */ +static void check_wordesc(const char *str, const char *exp, enum wesc_flags flags) { + char buf[256]; + char *end = buf + sizeof(buf); + char *ret = wordesc(buf, end, str, flags); + bfs_verify(ret != end); + bfs_verify(strcmp(buf, exp) == 0, "wordesc(%s) == %s (!= %s)", str, buf, exp); +} + int main(void) { // From man 3p basename check_base_dir("usr", ".", "usr"); @@ -36,5 +45,14 @@ int main(void) { check_base_dir("//usr//lib//", "//usr", "lib"); check_base_dir("/home//dwc//test", "/home//dwc", "test"); + check_wordesc("", "\"\"", WESC_SHELL); + check_wordesc("word", "word", WESC_SHELL); + check_wordesc("two words", "\"two words\"", WESC_SHELL); + check_wordesc("word's", "\"word's\"", WESC_SHELL); + check_wordesc("\"word\"", "'\"word\"'", WESC_SHELL); + check_wordesc("\"word's\"", "'\"word'\\''s\"'", WESC_SHELL); + check_wordesc("\033[1mbold's\033[0m", "$'\\e[1mbold\\'s\\e[0m'", WESC_SHELL | WESC_TTY); + check_wordesc("\x7F", "$'\\x7F'", WESC_SHELL | WESC_TTY); + return EXIT_SUCCESS; } |