Tha_14/toxic
1
0
Fork 0
mirror of https://github.com/Tha14/toxic.git synced 2024-06-29 16:27:45 +02:00
Code Issues Projects Releases Wiki Activity

fix possible buffer overflows and undefined behaviour

Browse Source
This commit is contained in:
Jfreegman 2014-07-25 17:55:21 -04:00
parent fb5a9bc043
commit f630a3e604
No known key found for this signature in database
GPG Key ID: 3627F3144076AE63
6 changed files with 11 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/autocomplete.c
View File

@ -178,7 +178,7 @@ int complete_line(ToxWindow *self, const void *list, int n_items, int size)
int strt = ctx->pos - s_len;
int diff = m_len - s_len + n_endchrs;
if (ctx->len + diff > MAX_STR_SIZE)
if (ctx->len + diff >= MAX_STR_SIZE)
return -1;
char tmpend[MAX_STR_SIZE];
@ -220,7 +220,7 @@ static void complt_home_dir(ToxWindow *self, char *path)
int newlen = wcslen(wline);
if (ctx->len + newlen > MAX_STR_SIZE)
if (ctx->len + newlen >= MAX_STR_SIZE)
return;
wmemcpy(ctx->line, wline, newlen + 1);

4
src/chat_commands.c
View File

@ -172,7 +172,7 @@ void cmd_sendfile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv
int path_len = strlen(path) - 1;
path[path_len] = '\0';
if (path_len > MAX_STR_SIZE) {
if (path_len >= MAX_STR_SIZE) {
errmsg = "File path exceeds character limit.";
line_info_add(self, NULL, NULL, NULL, SYS_MSG, 0, 0, errmsg);
return;
@ -190,7 +190,7 @@ void cmd_sendfile(WINDOW *window, ToxWindow *self, Tox *m, int argc, char (*argv
uint64_t filesize = ftell(file_to_send);
fseek(file_to_send, 0, SEEK_SET);
char filename[MAX_STR_SIZE];
char filename[MAX_STR_SIZE] = {0};
get_file_name(filename, sizeof(filename), path);
int filenum = tox_new_file_sender(m, self->num, filesize, (const uint8_t *) filename, strlen(filename));

4
src/execute.c
View File

@ -114,7 +114,9 @@ static int parse_command(WINDOW *w, ToxWindow *self, const char *input, char (*a
if (cmd[i] == '\0') /* no more args */
break;
strcpy(cmd, &cmd[i + 1]);
char tmp[MAX_STR_SIZE];
snprintf(tmp, sizeof(tmp), "%s", &cmd[i + 1]);
strcpy(cmd, tmp);
}
free(cmd);

7
src/input.c
View File

@ -145,16 +145,13 @@ static void input_mv_left(ToxWindow *self, int x, int mx_x)
if (ctx->pos <= 0)
return;
int cur_len = wcwidth(ctx->line[ctx->pos - 1]);
int cur_len = ctx->pos > 0 ? wcwidth(ctx->line[ctx->pos - 1]) : 0;
int s_len = ctx->start > 0 ? wcwidth(ctx->line[ctx->start - 1]) : 0;
--ctx->pos;
int s_len = wcwidth(ctx->line[ctx->start - 1]);
if (ctx->start && (x >= mx_x - cur_len))
ctx->start = MAX(0, ctx->start - 1 + (s_len - cur_len));
else if (ctx->start && (ctx->pos == ctx->len))
ctx->start = MAX(0, ctx->start - cur_len);
else if (ctx->start)
ctx->start = MAX(0, ctx->start - cur_len);
}

2
src/log.c
View File

@ -59,7 +59,7 @@ void init_logging_session(char *name, char *key, struct chatlog *log)
path_len += strlen(ident) + 1;
}
if (path_len > MAX_STR_SIZE) {
if (path_len >= MAX_STR_SIZE) {
log->log_on = false;
free(user_config_dir);
return;

2
src/toxic_strings.c
View File

@ -170,7 +170,7 @@ static void shift_hist_back(ChatContext *ctx)
/* adds a line to the ln_history buffer at hst_pos and sets hst_pos to end of history. */
void add_line_to_hist(ChatContext *ctx)
{
if (ctx->len > MAX_STR_SIZE)
if (ctx->len >= MAX_STR_SIZE)
return;
if (ctx->hst_tot >= MAX_LINE_HIST)