mirror of https://github.com/xzeldon/htop.git
Fix out of boundary writes in XUtils
It is possible to exceed the unsigned int data type on 64 bit systems with enough available RAM. Use size_t in all places instead. Proof of Concept: Create a 4 GB line in .htoprc file and run htop $ dd if=/dev/zero bs=1024 count=4194304 | tr '\0' 'a' > ~/.htoprc $ htop Segmentation fault Also avoid overflow of stack based "match" array in String_getToken.
This commit is contained in:
parent
6eab39c0ab
commit
fde1243443
11
XUtils.c
11
XUtils.c
|
@ -101,6 +101,7 @@ inline bool String_contains_i(const char* s1, const char* s2) {
|
||||||
char* String_cat(const char* s1, const char* s2) {
|
char* String_cat(const char* s1, const char* s2) {
|
||||||
const size_t l1 = strlen(s1);
|
const size_t l1 = strlen(s1);
|
||||||
const size_t l2 = strlen(s2);
|
const size_t l2 = strlen(s2);
|
||||||
|
assert(SIZE_MAX - l1 > l2);
|
||||||
char* out = xMalloc(l1 + l2 + 1);
|
char* out = xMalloc(l1 + l2 + 1);
|
||||||
memcpy(out, s1, l1);
|
memcpy(out, s1, l1);
|
||||||
memcpy(out + l1, s2, l2);
|
memcpy(out + l1, s2, l2);
|
||||||
|
@ -122,10 +123,10 @@ char* String_trim(const char* in) {
|
||||||
}
|
}
|
||||||
|
|
||||||
char** String_split(const char* s, char sep, size_t* n) {
|
char** String_split(const char* s, char sep, size_t* n) {
|
||||||
const unsigned int rate = 10;
|
const size_t rate = 10;
|
||||||
char** out = xCalloc(rate, sizeof(char*));
|
char** out = xCalloc(rate, sizeof(char*));
|
||||||
size_t ctr = 0;
|
size_t ctr = 0;
|
||||||
unsigned int blocks = rate;
|
size_t blocks = rate;
|
||||||
const char* where;
|
const char* where;
|
||||||
while ((where = strchr(s, sep)) != NULL) {
|
while ((where = strchr(s, sep)) != NULL) {
|
||||||
size_t size = (size_t)(where - s);
|
size_t size = (size_t)(where - s);
|
||||||
|
@ -177,6 +178,8 @@ char* String_getToken(const char* line, const unsigned short int numMatch) {
|
||||||
|
|
||||||
if (inWord == 1) {
|
if (inWord == 1) {
|
||||||
if (count == numMatch && line[i] != ' ' && line[i] != '\0' && line[i] != '\n' && line[i] != (char)EOF) {
|
if (count == numMatch && line[i] != ' ' && line[i] != '\0' && line[i] != '\n' && line[i] != (char)EOF) {
|
||||||
|
if (foundCount == sizeof(match) / sizeof(match[0]) - 1)
|
||||||
|
break;
|
||||||
match[foundCount] = line[i];
|
match[foundCount] = line[i];
|
||||||
foundCount++;
|
foundCount++;
|
||||||
}
|
}
|
||||||
|
@ -188,8 +191,8 @@ char* String_getToken(const char* line, const unsigned short int numMatch) {
|
||||||
}
|
}
|
||||||
|
|
||||||
char* String_readLine(FILE* fd) {
|
char* String_readLine(FILE* fd) {
|
||||||
const unsigned int step = 1024;
|
const size_t step = 1024;
|
||||||
unsigned int bufSize = step;
|
size_t bufSize = step;
|
||||||
char* buffer = xMalloc(step + 1);
|
char* buffer = xMalloc(step + 1);
|
||||||
char* at = buffer;
|
char* at = buffer;
|
||||||
for (;;) {
|
for (;;) {
|
||||||
|
|
Loading…
Reference in New Issue