0051-proc/escape.c: Prevent buffer overflows in escape_command().

This solves several problems: 1/ outbuf[1] was written to, but not outbuf[0], which was left uninitialized (well, SECURE_ESCAPE_ARGS() already fixes this, but do it explicitly as well); we know it is safe to write one byte to outbuf, because SECURE_ESCAPE_ARGS() guarantees it. 2/ If bytes was 1, the write to outbuf[1] was an off-by-one overflow. 3/ Do not call escape_str() with a 0 bufsize if bytes == overhead. 4/ Prevent various buffer overflows if bytes <= overhead.
1970-01-01 00:00:00 +00:00 · 1970-01-01 00:00:00 +00:00 · 1e48648b82
commit 1e48648b82
parent 1eddce14c3
1 changed files with 4 additions and 5 deletions
--- a/proc/escape.c
+++ b/proc/escape.c
@ -216,11 +216,10 @@ int escape_command(char *restrict const outbuf, const proc_t *restrict const pp,
    if(pp->state=='Z') overhead += 10;    // chars in " <defunct>"
    else flags &= ~ESC_DEFUNCT;
  }
-  if(overhead + 1 >= *cells){  // if no room for even one byte of the command name
-    // you'd damn well better have _some_ space
-//    outbuf[0] = '-';  // Oct23
-    outbuf[1] = '\0';
-    return 1;
+  if(overhead + 1 >= *cells || // if no room for even one byte of the command name
+     overhead + 1 >= bytes){
+    outbuf[0] = '\0';
+    return 0;
  }
  if(flags & ESC_BRACKETS){
    outbuf[end++] = '[';