summaryrefslogtreecommitdiffstats
path: root/utf8.c
diff options
context:
space:
mode:
authorPatrick Steinhardt <ps@pks.im>2022-12-01 15:47:10 +0100
committerJunio C Hamano <gitster@pobox.com>2022-12-09 06:26:21 +0100
commit81c2d4c3a5ba0e6ab8c348708441fed170e63a82 (patch)
tree6e42dd04e82fdce97983392fca1ca058a74b7e27 /utf8.c
parentutf8: fix overflow when returning string width (diff)
downloadgit-81c2d4c3a5ba0e6ab8c348708441fed170e63a82.tar.xz
git-81c2d4c3a5ba0e6ab8c348708441fed170e63a82.zip
utf8: fix checking for glyph width in `strbuf_utf8_replace()`
In `strbuf_utf8_replace()`, we call `utf8_width()` to compute the width of the current glyph. If the glyph is a control character though it can be that `utf8_width()` returns `-1`, but because we assign this value to a `size_t` the conversion will cause us to underflow. This bug can easily be triggered with the following command: $ git log --pretty='format:xxx%<|(1,trunc)%x10' >From all I can see though this seems to be a benign underflow that has no security-related consequences. Fix the bug by using an `int` instead. When we see a control character, we now copy it into the target buffer but don't advance the current width of the string. Signed-off-by: Patrick Steinhardt <ps@pks.im> Signed-off-by: Junio C Hamano <gitster@pobox.com>
Diffstat (limited to 'utf8.c')
-rw-r--r--utf8.c19
1 files changed, 14 insertions, 5 deletions
diff --git a/utf8.c b/utf8.c
index 30c7787cfa..077daf4b20 100644
--- a/utf8.c
+++ b/utf8.c
@@ -377,6 +377,7 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width,
dst = sb_dst.buf;
while (src < end) {
+ int glyph_width;
char *old;
size_t n;
@@ -390,21 +391,29 @@ void strbuf_utf8_replace(struct strbuf *sb_src, int pos, int width,
break;
old = src;
- n = utf8_width((const char**)&src, NULL);
- if (!src) /* broken utf-8, do nothing */
+ glyph_width = utf8_width((const char**)&src, NULL);
+ if (!src) /* broken utf-8, do nothing */
goto out;
- if (n && w >= pos && w < pos + width) {
+
+ /*
+ * In case we see a control character we copy it into the
+ * buffer, but don't add it to the width.
+ */
+ if (glyph_width < 0)
+ glyph_width = 0;
+
+ if (glyph_width && w >= pos && w < pos + width) {
if (subst) {
memcpy(dst, subst, subst_len);
dst += subst_len;
subst = NULL;
}
- w += n;
+ w += glyph_width;
continue;
}
memcpy(dst, old, src - old);
dst += src - old;
- w += n;
+ w += glyph_width;
}
strbuf_setlen(&sb_dst, dst - sb_dst.buf);
strbuf_swap(sb_src, &sb_dst);