[openssh-commits] [openssh] 07/10: upstream commit
git+noreply at mindrot.org
git+noreply at mindrot.org
Mon Jun 6 11:37:02 AEST 2016
This is an automated email from the git hooks/post-receive script.
dtucker pushed a commit to branch master
in repository openssh.
commit cd9e1eabeb4137182200035ab6fa4522f8d24044
Author: schwarze at openbsd.org <schwarze at openbsd.org>
Date: Mon May 30 12:57:21 2016 +0000
upstream commit
Even when only writing an unescaped character, the dst
buffer may need to grow, or it would be overrun; issue found by tb@ with
malloc.conf(5) 'C'.
While here, reserve an additional byte for the terminating NUL
up front such that we don't have to realloc() later just for that.
OK tb@
Upstream-ID: 30ebcc0c097c4571b16f0a78b44969f170db0cff
---
utf8.c | 46 +++++++++++++++++++++++++++++++---------------
1 file changed, 31 insertions(+), 15 deletions(-)
diff --git a/utf8.c b/utf8.c
index caf789c..18ee538 100644
--- a/utf8.c
+++ b/utf8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.c,v 1.2 2016/05/30 12:05:56 schwarze Exp $ */
+/* $OpenBSD: utf8.c,v 1.3 2016/05/30 12:57:21 schwarze Exp $ */
/*
* Copyright (c) 2016 Ingo Schwarze <schwarze at openbsd.org>
*
@@ -33,6 +33,7 @@
#include "utf8.h"
static int dangerous_locale(void);
+static int grow_dst(char **, size_t *, size_t, char **, size_t);
static int vasnmprintf(char **, size_t, int *, const char *, va_list);
@@ -53,6 +54,25 @@ dangerous_locale(void) {
return strcmp(loc, "US-ASCII") && strcmp(loc, "UTF-8");
}
+static int
+grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need)
+{
+ char *tp;
+ size_t tsz;
+
+ if (*dp + need < *dst + *sz)
+ return 0;
+ tsz = *sz + 128;
+ if (tsz > maxsz)
+ tsz = maxsz;
+ if ((tp = realloc(*dst, tsz)) == NULL)
+ return -1;
+ *dp = tp + (*dp - *dst);
+ *dst = tp;
+ *sz = tsz;
+ return 0;
+}
+
/*
* The following two functions limit the number of bytes written,
* including the terminating '\0', to sz. Unless wp is NULL,
@@ -74,7 +94,6 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
char *dp; /* Pointer into dst. */
char *tp; /* Temporary pointer for dst. */
size_t sz; /* Number of bytes allocated for dst. */
- size_t tsz; /* Temporary size while extending dst. */
wchar_t wc; /* Wide character at sp. */
int len; /* Number of bytes in the character at sp. */
int ret; /* Number of bytes needed to format src. */
@@ -85,7 +104,7 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
if ((ret = vasprintf(&src, fmt, ap)) <= 0)
goto fail;
- sz = strlen(src);
+ sz = strlen(src) + 1;
if ((dst = malloc(sz)) == NULL) {
free(src);
goto fail;
@@ -130,6 +149,11 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
total_width > max_width - width))
print = 0;
if (print) {
+ if (grow_dst(&dst, &sz, maxsz,
+ &dp, len) == -1) {
+ ret = -1;
+ break;
+ }
total_width += width;
memcpy(dp, sp, len);
dp += len;
@@ -147,18 +171,10 @@ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
total_width > max_width - 4))
print = 0;
if (print) {
- if (dp + 4 >= dst + sz) {
- tsz = sz + 128;
- if (tsz > maxsz)
- tsz = maxsz;
- tp = realloc(dst, tsz);
- if (tp == NULL) {
- ret = -1;
- break;
- }
- dp = tp + (dp - dst);
- dst = tp;
- sz = tsz;
+ if (grow_dst(&dst, &sz, maxsz,
+ &dp, 4) == -1) {
+ ret = -1;
+ break;
}
tp = vis(dp, *sp, VIS_OCTAL | VIS_ALL, 0);
width = tp - dp;
--
To stop receiving notification emails like this one, please contact
djm at mindrot.org.
More information about the openssh-commits
mailing list