Module Name: src Committed By: riastradh Date: Sat Aug 12 12:48:53 UTC 2023
Modified Files: src/lib/libc/gen: vis.c src/tests/lib/libc/gen: t_vis.c Log Message: vis(3): Fix one more buffer overrun in an edge case. PR lib/57573 XXX pullup-10 XXX pullup-9 XXX pullup-8 To generate a diff of this commit: cvs rdiff -u -r1.82 -r1.83 src/lib/libc/gen/vis.c cvs rdiff -u -r1.13 -r1.14 src/tests/lib/libc/gen/t_vis.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/vis.c
diff -u src/lib/libc/gen/vis.c:1.82 src/lib/libc/gen/vis.c:1.83
--- src/lib/libc/gen/vis.c:1.82 Sat Aug 12 12:48:37 2023
+++ src/lib/libc/gen/vis.c Sat Aug 12 12:48:52 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: vis.c,v 1.82 2023/08/12 12:48:37 riastradh Exp $ */
+/* $NetBSD: vis.c,v 1.83 2023/08/12 12:48:52 riastradh Exp $ */
 /*-
 * Copyright (c) 1989, 1993
@@ -57,7 +57,7 @@
 #include <sys/cdefs.h>
 #if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.82 2023/08/12 12:48:37 riastradh Exp $");
+__RCSID("$NetBSD: vis.c,v 1.83 2023/08/12 12:48:52 riastradh Exp $");
 #endif /* LIBC_SCCS and not lint */
 #ifdef __FBSDID
 __FBSDID("$FreeBSD$");
@@ -570,6 +570,10 @@ istrsenvisx(char **mbdstp, size_t *dlen,
 len = wcslen(start);
 if (dlen) {
 maxolen = *dlen;
+ if (maxolen == 0) {
+ errno = ENOSPC;
+ goto out;
+ }
 } else {
 if (len > (SIZE_MAX - 1)/MB_LEN_MAX) {
 errno = ENOSPC;
@@ -651,6 +655,7 @@ istrsenvisx(char **mbdstp, size_t *dlen,
 }
 /* Terminate the output string. */
+ assert(olen < maxolen);
 *mbdst = '\0';
 if (flags & VIS_NOLOCALE) {
Index: src/tests/lib/libc/gen/t_vis.c
diff -u src/tests/lib/libc/gen/t_vis.c:1.13 src/tests/lib/libc/gen/t_vis.c:1.14
--- src/tests/lib/libc/gen/t_vis.c:1.13 Sat Aug 12 12:48:37 2023
+++ src/tests/lib/libc/gen/t_vis.c Sat Aug 12 12:48:53 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: t_vis.c,v 1.13 2023/08/12 12:48:37 riastradh Exp $ */
+/* $NetBSD: t_vis.c,v 1.14 2023/08/12 12:48:53 riastradh Exp $ */
 /*-
 * Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -128,8 +128,6 @@ ATF_TC_BODY(strnvis_empty_empty, tc)
 char dst[] = "fail";
 int n;
- atf_tc_expect_fail("PR lib/57573: Overflow possibilities in vis(3)");
-
 n = strnvis(dst, 0, "", VIS_SAFE);
 ATF_CHECK(memcmp(dst, "fail", sizeof(dst)) == 0);
 ATF_CHECK_EQ_MSG(n, -1, "n=%d", n);
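Review bot: The new `maxolen == 0` branch in istrsenvisx carries no comment explaining why a zero-length destination has to be rejected before any encoding starts. From the hunk, the reason appears to be that the terminating NUL stored later always needs one byte, so a caller passing `*dlen == 0` can never be satisfied; I would add `/* No room even for the terminating NUL: fail before touching the buffer. */` above the check. The function starts and ends outside this hunk, so what the `out` label frees and returns on this early exit is not visible here and should be confirmed to report failure.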
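Review bot: `assert(olen < maxolen)` ahead of `*mbdst = '\0'` only protects the store in builds where assertions are enabled; with NDEBUG defined it compiles to nothing and the NUL write again depends entirely on the earlier length checks. If the invariant is meant as a last guard against the overrun tracked in PR lib/57573, a runtime check such as `if (olen >= maxolen) { errno = ENOSPC; goto out; }` would hold in every build. Otherwise a short comment naming where the invariant is established would make the assertion easier to audit. Whether `goto out` is appropriate this late in istrsenvisx depends on cleanup code outside the hunk.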