From 377709664480a30fa5acdd11c7ca8c16669678ce Mon Sep 17 00:00:00 2001
From: Tavian Barnes <tavianator@tavianator.com>
Date: Wed, 6 Sep 2023 14:59:59 -0400
Subject: bfstd: Fix an OOB string index in xmbrtowc()

This bug could be reproduced with something like

    $ bfs -samefile $'\xFA\xFA'
    bfs: error: bfs: dstrnescat@src/dstring.c:252: wordesc() result truncated

or worse, with -DNDEBUG,

    $ bfs -samefile $'.....................\xFA\xFA'
    bfs: error: bfs -samefile $'.....................\xFA\xFA\x00\x55\x53\x45\x52\x3D\x74\x61\x76\x69\x61\x6E\x61\x74\x6F\x72
    bfs: error:               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    bfs: error: No such file or directory.

which prints the memory after the end of the string (in this case, the
environment variable USER=tavianator).

The bug was caused by the line `*i += len`, which was intended to be
`*i = len`.  But actually, the right behaviour seems to be `*i += 1`.

Fixes: 19c96abe0a1ee56cf206fd5e87defb1fd3e0daa5
---
 tests/common/samefile_wordesc.sh | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 tests/common/samefile_wordesc.sh

(limited to 'tests/common')

diff --git a/tests/common/samefile_wordesc.sh b/tests/common/samefile_wordesc.sh
new file mode 100644
index 0000000..b5d158f
--- /dev/null
+++ b/tests/common/samefile_wordesc.sh
@@ -0,0 +1,4 @@
+# Regression test: don't abort on incomplete UTF-8 sequences
+export LC_ALL=$(locale -a | grep -Ei 'utf-?8$' | head -n1)
+test -n "$LC_ALL" || skip
+! invoke_bfs -samefile $'\xFA\xFA'
-- 
cgit v1.2.3