libedit: Avoid out of bounds read in 'bind' command
This is CVS revision 1.31 from NetBSD lib/libedit/chartype.c: Make sure that argv is NULL terminated since functions like tty_stty rely on it to be so (Gerry Swinslow) This broke when the wide-character support was enabled in libedit. The conversion from multibyte to wide-character did not supply the apparently expected terminating NULL in the new argv array. PR: 233343 Submitted by: Yuichiro NAITO Obtained from: NetBSD MFC after: 1 week
This commit is contained in:
parent
3ea5899793
commit
fbdcf603c8
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=343105
@ -157,7 +157,7 @@ ct_decode_argv(int argc, const char *argv[], ct_buffer_t *conv)
|
|||||||
if (ct_conv_wbuff_resize(conv, bufspace + CT_BUFSIZ) == -1)
|
if (ct_conv_wbuff_resize(conv, bufspace + CT_BUFSIZ) == -1)
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
wargv = el_malloc((size_t)argc * sizeof(*wargv));
|
wargv = el_malloc((size_t)(argc + 1) * sizeof(*wargv));
|
||||||
|
|
||||||
for (i = 0, p = conv->wbuff; i < argc; ++i) {
|
for (i = 0, p = conv->wbuff; i < argc; ++i) {
|
||||||
if (!argv[i]) { /* don't pass null pointers to mbstowcs */
|
if (!argv[i]) { /* don't pass null pointers to mbstowcs */
|
||||||
@ -175,6 +175,7 @@ ct_decode_argv(int argc, const char *argv[], ct_buffer_t *conv)
|
|||||||
bufspace -= (size_t)bytes;
|
bufspace -= (size_t)bytes;
|
||||||
p += bytes;
|
p += bytes;
|
||||||
}
|
}
|
||||||
|
wargv[i] = NULL;
|
||||||
|
|
||||||
return wargv;
|
return wargv;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user