bug-teseq
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-teseq] out-of-range access in print_gxdm_info


From: Micah Cowan
Subject: Re: [Bug-teseq] out-of-range access in print_gxdm_info
Date: Wed, 06 Aug 2008 11:35:41 -0700
User-agent: Thunderbird 2.0.0.16 (X11/20080707)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bruno Haible wrote:
> $ printf '\x1b$z' | teseq
> : Esc $ z
> & GiDM4: G-40-DESIGNATE MULTIBYTE 94-SET
> 
> print_gxdm_info is called with i1 = 0, f = 122, and sets designate = -40,
> which is then later used as a string index...
> 
> print_gxdm_info may be called with any i1 ∈ { 0, 0x20..0x2f }.

Thanks, Bruno. The following patch seems to have fixed this problem;
I'll push it tonight when I'm on the machine that has my Savannah ssh key.

diff -r f4f09eff119f -r 245d8eac5c73 src/teseq.c
- --- a/src/teseq.c       Sun Aug 03 18:41:46 2008 -0700
+++ b/src/teseq.c       Wed Aug 06 11:18:46 2008 -0700
@@ -546,7 +546,7 @@
       set = 6;
       designate = i1 - 0x2c;
     }
- -  else if (i1 != 0x27 && i1 != 0x2c)
+  else if (i1 >= 0x28 && i1 != 0x2c)
     {
       set = 4;
       designate = i1 - 0x28;
@@ -554,5 +554,7 @@
   else
     return;

+  assert (designate >= 0);
+  assert (designate < 4);
   if (configuration.labels)
     {


- --
Micah J. Cowan
Programmer, musician, typesetting enthusiast, gamer.
GNU Maintainer: wget, screen, teseq
http://micah.cowan.name/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIme797M8hyUobTrERAiQ8AJ4i1lbhYsKaGSNYAhGyD7uHLhOj8QCghP4g
yogjifHQ9rNdwyP6s/MiZxs=
=dCU3
-----END PGP SIGNATURE-----




reply via email to

[Prev in Thread] Current Thread [Next in Thread]