[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

["patch"] don't output negative amount of characters in lib/sh/unicode.c

From: bla blamail
Subject: ["patch"] don't output negative amount of characters in lib/sh/unicode.c
Date: Wed, 13 Nov 2013 21:03:39 +0000

introduced with

builtin echo -e
through ansictr(), and u32cconv() may end up calling wctomb(). however
this function may return -1 when it can not be converted into a
multibyte sequence. This value is then returrned to its callers, and
interpreted as the amount of bytes consumed. (r += u32cconv(v, r)).

This creates some corruption which is almost certain to result at
least in a crash.

env -i bash
echo -e "\uaaaa+"

or more amusing:
echo -e "Y\u1d52\u1d58 O\u1db0\u02e1\u02b8 L\u1da4\u1d5b\u1d49

I didn't spend too much time analyzing the code, but below is my quick
fix to at least prevent bash from crashing.

please cc, i'm not subscribed

diff --git a/lib/sh/unicode.c b/lib/sh/unicode.c
index d34fa08..7215960 100644
--- a/lib/sh/unicode.c
+++ b/lib/sh/unicode.c
@@ -163,7 +163,7 @@ u32cconv (c, s)
   if (sizeof (wchar_t) == 4)
       n = wctomb (s, wc);
-      return n;
+      return (n == -1) ? 0 : n;

reply via email to

[Prev in Thread] Current Thread [Next in Thread]