blob: 420a19b41981cec6e1ad80c248662b4751b1fb18 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
From ad135388ac66b7c8276b0899d9b43433e2faffa6 Mon Sep 17 00:00:00 2001
From: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
Date: Tue, 7 Dec 2021 23:58:53 +0000
Subject: [PATCH] Fix heap-buffer-overflow in captoinfo
This has been picked up from http://cvsweb.netbsd.org/
bsdweb.cgi/pkgsrc/devel/ncurses/patches/Attic/
patch-ncurses_tinfo_captoinfo.c
?rev=1.1&content-type=text/x-cvsweb-markup
Thomas Dickey is the owner of this patch.
This fix is a part of
https://github.com/ThomasDickey/ncurses-snapshots/
commit/63ca9e061f4644795d6f3f559557f3e1ed8c738b#diff-
7e95c7bc5f213e9be438e69a9d5d0f261a14952bcbd692f7b9014217b8047340
Signed-off-by: P Dheeraj Srujan Kumar <p.dheeraj.srujan.kumar@intel.com>
---
ncurses/tinfo/captoinfo.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/ncurses/tinfo/captoinfo.c b/ncurses/tinfo/captoinfo.c
index 8b3b83d1..c9741405 100644
--- a/ncurses/tinfo/captoinfo.c
+++ b/ncurses/tinfo/captoinfo.c
@@ -216,12 +216,15 @@ cvtchar(register const char *sp)
}
break;
case '^':
+ len = 2;
c = UChar(*++sp);
- if (c == '?')
+ if (c == '?') {
c = 127;
- else
+ } else if (c == '\0') {
+ len = 1;
+ } else {
c &= 0x1f;
- len = 2;
+ }
break;
default:
c = UChar(*sp);
--
2.17.1
|