Highlights:
- Some style fixes
- Bumped mbbuf in istrsenvisx() to MB_LEN_MAX to avoid VLAs
- mbslength cannot go negative, so make it unsigned
- Further bounds checking & fix an additional overrun, with dlen == 0
- Avoid duplicate call to wcslen(start)
The previous incarnation of this would call wcrtomb() on the destination
buffer, and only check for overflow *after* it's happened.
Additionally, the conversion error / VIS_NOLOCALE path also didn't check
for overflow, and the overflow check at the end didn't account for the
fact that we still need to write a NUL terminator afterward.
Start by only doing the multibyte conversion into mbdst directly if we
have enough buffer space to guarantee it'll fit. An additional
MB_CUR_MAX buffer has been stashed on the stack to write into if we're
cutting it close at the end of the buffer, since we don't really have a
good way to determine the length of the wchar_t without just doing the
conversion. We'll do the conversion into the buffer that's guaranteed
to fit, then copy it over if the copy won't overflow.
The byte-for-byte overflow is a little bit easier, as we simply check
for overflow with each byte written and make sure we can still NUL
terminate after.
Tests added to exercise these edge cases.
Reviewed by: des
Sponsored by: Klara, Inc.
Differential Revision: https://reviews.freebsd.org/D41328
I found this while running kdump(1) on a CheriBSD system due to a
capability length violation when printing the /etc/libmap.conf read()
system call: it crashed immediately after printing the first line.
Found by: CHERI
Reviewed By: jhb
MFC after: 3 days
Differential Revision: https://reviews.freebsd.org/D30771
The mbtoc(3) and wctomb(3) functions use internal state which may be
tainted before the call to strvis(3). In this context we can just use
the thread-safe versions mbrtoc(3) and wcrtomb(3) which allow passing
our own state from our stack.
MFC after: 2 weeks
Sponsored by: Dell EMC Isilon
This adds stravis() and some new encoding flags VIS_SHELL, VIS_META,
and VIS_NOLOCALE.
Assorted cleanups and fixes includeing a manpage typo[0].
PR: 210013 [0]
Submitted by: pi [0]
multibyte support[0] and the new functions strenvisx and strsenvisx.
Add MLINKS for vis(3) functions add by this and the initial import from
NetBSD[1].
PR: bin/166364, bin/175418
Submitted by: "J.R. Oldroyd" <fbsd@opal.com>[0]
stefanf[1]
Obtained from: NetBSD
MFC after: 2 weeks
NetBSD's. This output size limited versions of vis and unvis functions
as well as a set of vis variants that allow arbitrary characters to be
specified for encoding.
Finally, MIME Quoted-Printable encoding as described in RFC 2045 is
supported.