From 377709664480a30fa5acdd11c7ca8c16669678ce Mon Sep 17 00:00:00 2001 From: Tavian Barnes Date: Wed, 6 Sep 2023 14:59:59 -0400 Subject: bfstd: Fix an OOB string index in xmbrtowc() This bug could be reproduced with something like $ bfs -samefile $'\xFA\xFA' bfs: error: bfs: dstrnescat@src/dstring.c:252: wordesc() result truncated or worse, with -DNDEBUG, $ bfs -samefile $'.....................\xFA\xFA' bfs: error: bfs -samefile $'.....................\xFA\xFA\x00\x55\x53\x45\x52\x3D\x74\x61\x76\x69\x61\x6E\x61\x74\x6F\x72 bfs: error: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ bfs: error: No such file or directory. which prints the memory after the end of the string (in this case, the environment variable USER=tavianator). The bug was caused by the line `*i += len`, which was intended to be `*i = len`. But actually, the right behaviour seems to be `*i += 1`. Fixes: 19c96abe0a1ee56cf206fd5e87defb1fd3e0daa5 --- tests/common/samefile_wordesc.sh | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 tests/common/samefile_wordesc.sh (limited to 'tests/common') diff --git a/tests/common/samefile_wordesc.sh b/tests/common/samefile_wordesc.sh new file mode 100644 index 0000000..b5d158f --- /dev/null +++ b/tests/common/samefile_wordesc.sh @@ -0,0 +1,4 @@ +# Regression test: don't abort on incomplete UTF-8 sequences +export LC_ALL=$(locale -a | grep -Ei 'utf-?8$' | head -n1) +test -n "$LC_ALL" || skip +! invoke_bfs -samefile $'\xFA\xFA' -- cgit v1.2.3