0101-top: Check width and col.
Otherwise they may lead to out-of-bounds writes (snprintf() returns the number of characters which would have been written if enough space had been available). Also, make sure buf is null-terminated after COLPLUSCH has been written.
parent
766e31a2c3
commit
9cb8bee6a1
@ -168,7 +168,7 @@ static float Frame_etscale; // so we can '*' vs. '/' WHEN 'pcpu'
|
||||
static int Autox_array [EU_MAXPFLGS],
|
||||
Autox_found;
|
||||
#define AUTOX_NO EU_MAXPFLGS
|
||||
#define AUTOX_COL(f) if (EU_MAXPFLGS > f) Autox_array[f] = Autox_found = 1
|
||||
#define AUTOX_COL(f) if (EU_MAXPFLGS > f && f >= 0) Autox_array[f] = Autox_found = 1
|
||||
#define AUTOX_MODE (0 > Rc.fixed_widest)
|
||||
|
||||
/* Support for scale_mem and scale_num (to avoid duplication. */
|
||||
@ -1441,7 +1441,10 @@ static inline const char *make_num (long num, int width, int justr, int col, int
|
||||
goto end_justifies;
|
||||
|
||||
if (width < snprintf(buf, sizeof(buf), "%ld", num)) {
|
||||
if (width <= 0 || (size_t)width >= sizeof(buf))
|
||||
width = sizeof(buf)-1;
|
||||
buf[width-1] = COLPLUSCH;
|
||||
buf[width] = '\0';
|
||||
AUTOX_COL(col);
|
||||
}
|
||||
end_justifies:
|
||||
@ -1456,7 +1459,10 @@ static inline const char *make_str (const char *str, int width, int justr, int c
|
||||
static char buf[SCREENMAX];
|
||||
|
||||
if (width < snprintf(buf, sizeof(buf), "%s", str)) {
|
||||
if (width <= 0 || (size_t)width >= sizeof(buf))
|
||||
width = sizeof(buf)-1;
|
||||
buf[width-1] = COLPLUSCH;
|
||||
buf[width] = '\0';
|
||||
AUTOX_COL(col);
|
||||
}
|
||||
return justify_pad(buf, width, justr);
|
||||
|
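Review bot: The new range check on `width` in make_num and make_str sits inside the `if (width < snprintf(...))` branch, so a `width` at or above `sizeof(buf)` paired with a value that fits is never clamped and reaches `justify_pad(buf, width, justr)` unchanged; whether that is safe depends on justify_pad, which is not visible here. For `width <= 0` the clamp to `sizeof(buf)-1` stores COLPLUSCH at `buf[sizeof(buf)-2]`, which lies past the terminator snprintf wrote whenever the formatted value is shorter than that, so the truncation marker is not part of the returned string and the full buffer width is what gets passed on. Hoisting `if (width <= 0 || (size_t)width >= sizeof(buf)) width = sizeof(buf)-1;` above the snprintf comparison would validate every path, and a one-line comment stating the intended result for a non-positive width would make the choice of clamp value reviewable. make_num's `buf` declaration and the code after `end_justifies:` are outside the hunk, so its buffer size is assumed to follow the same pattern as make_str.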