Re: editors/nedit: avoid *printf %n

2021-09-16 Thread Ingo Schwarze 
+Cc: MAINTAINER

Hi Theo,

Theo Buehler wrote on Wed, Sep 15, 2021 at 11:59:36PM +0200:

> Straightforward.

OK schwarze@.

Given that we are approaching a lock, i don't think you should wait
for feedback from the MAINTAINER.

Alessandro, i suspect buffer overflow issues in util/misc.c,
function CreateGeometryString().  The arguments are (int) and can
likely be provided from outside the program, but the buffer being
printed to is only 24 bytes long.  I didn't poke around long enough
to figure out whether this can crash the program (or worse), but as
the MAINTAINER, it might make sense that you have a closer look.
But that seems unrelated to the present patch.

There is much opportunity for additional cleanup to be done upstream:
for example, strcpy(3) in conjunction with pointer arithmetics is all
over the place, and invariants are quite non-obvious if any exist.

Yours,
  Ingo

Testing done:
Before:
   $ /obin/ncl tmp.txt
  Abort trap (core dumped) 
   $ /obin/nedit -g 80x24+100+100   
  Abort trap (core dumped) 
After:
   $ ncl tmp.txt  # works
   $ nedit -g 80x24+100+100   # works


> Index: Makefile
> ===
> RCS file: /cvs/ports/editors/nedit/Makefile,v
> retrieving revision 1.82
> diff -u -p -r1.82 Makefile
> --- Makefile  12 Apr 2020 14:46:04 -  1.82
> +++ Makefile  13 Sep 2021 16:06:53 -
> @@ -5,7 +5,7 @@ COMMENT=  a fast, compact Motif/X11 plai
>  DISTNAME=nedit-5.7
>  P_V= 0.5
>  EPOCH=   0
> -REVISION =   0
> +REVISION =   1
>  DISTFILES=   ${DISTNAME}-src${EXTRACT_SUFX} \
>   nedit_patterns-${P_V}.tgz:0
>  
> Index: patches/patch-source_nc_c
> ===
> RCS file: /cvs/ports/editors/nedit/patches/patch-source_nc_c,v
> retrieving revision 1.2
> diff -u -p -r1.2 patch-source_nc_c
> --- patches/patch-source_nc_c 28 Feb 2019 23:00:47 -  1.2
> +++ patches/patch-source_nc_c 13 Sep 2021 16:04:55 -
> @@ -27,3 +27,28 @@ Index: source/nc.c
>   #endif /*VMS*/
>   
>   /* Structure to hold X Resource values */
> +@@ -778,10 +778,10 @@ static void parseCommandLine(int argc, char **argv, Co
> +The "long" cast on strlen() is necessary because size_t
> +is 64 bit on Alphas, and 32-bit on most others.  There is
> +no printf format specifier for "size_t", thanx, ANSI. */
> +-sprintf(outPtr, "%d %d %d %d %d %ld %ld %ld %ld\n%n", 
> lineNum,
> ++charsWritten = sprintf(outPtr, "%d %d %d %d %d %ld %ld %ld 
> %ld\n", lineNum,
> + read, create, iconic, isTabbed, (long) strlen(path), 
> + (long) strlen(toDoCommand), (long) strlen(langMode),
> +-(long) strlen(geometry), );
> ++(long) strlen(geometry));
> + outPtr += charsWritten;
> + strcpy(outPtr, path);
> + outPtr += strlen(path);
> +@@ -816,9 +816,9 @@ static void parseCommandLine(int argc, char **argv, Co
> +  * iconic state (and optional language mode and geometry).
> +  */
> + if (toDoCommand[0] != '\0' || fileCount == 0) {
> +-sprintf(outPtr, "0 0 0 %d %d 0 %ld %ld %ld\n\n%n", iconic, tabbed,
> ++charsWritten = sprintf(outPtr, "0 0 0 %d %d 0 %ld %ld %ld\n\n", iconic, 
> tabbed,
> + (long) strlen(toDoCommand),
> +-(long) strlen(langMode), (long) strlen(geometry), 
> );
> ++(long) strlen(langMode), (long) strlen(geometry));
> + outPtr += charsWritten;
> + strcpy(outPtr, toDoCommand);
> + outPtr += strlen(toDoCommand);
> Index: patches/patch-util_misc_c
> ===
> RCS file: patches/patch-util_misc_c
> diff -N patches/patch-util_misc_c
> --- /dev/null 1 Jan 1970 00:00:00 -
> +++ patches/patch-util_misc_c 13 Sep 2021 16:01:48 -
> @@ -0,0 +1,37 @@
> +$OpenBSD$
> +
> +Index: util/misc.c
> +--- util/misc.c.orig
>  util/misc.c
> +@@ -1488,25 +1488,25 @@ void CreateGeometryString(char *string, int x, int y,
> + int nChars;
> + 
> + if (bitmask & WidthValue) {
> +-sprintf(ptr, "%d%n", width, );
> ++nChars = sprintf(ptr, "%d", width);
> + ptr += nChars;
> + }
> + if (bitmask & HeightValue) {
> +-sprintf(ptr, "x%d%n", height, );
> ++nChars = sprintf(ptr, "x%d", height);
> + ptr += nChars;
> + }
> + if (bitmask & XValue) {
> + if (bitmask & XNegative)
> +-sprintf(ptr, "-%d%n", -x, );
> ++nChars = sprintf(ptr, "-%d", -x);
> + else
> +-sprintf(ptr, "+%d%n", x, );
> ++nChars = sprintf(ptr, "+%d", x);
> + ptr += nChars;
> + }
> + if (bitmask & YValue) {
> + if (bitmask & YNegative)
> +-sprintf(ptr, "-%d%n", -y, );
>

editors/nedit: avoid *printf %n

2021-09-15 Thread Theo Buehler 
Straightforward.

Index: Makefile
===
RCS file: /cvs/ports/editors/nedit/Makefile,v
retrieving revision 1.82
diff -u -p -r1.82 Makefile
--- Makefile12 Apr 2020 14:46:04 -  1.82
+++ Makefile13 Sep 2021 16:06:53 -
@@ -5,7 +5,7 @@ COMMENT=a fast, compact Motif/X11 plai
 DISTNAME=  nedit-5.7
 P_V=   0.5
 EPOCH= 0
-REVISION = 0
+REVISION = 1
 DISTFILES= ${DISTNAME}-src${EXTRACT_SUFX} \
nedit_patterns-${P_V}.tgz:0
 
Index: patches/patch-source_nc_c
===
RCS file: /cvs/ports/editors/nedit/patches/patch-source_nc_c,v
retrieving revision 1.2
diff -u -p -r1.2 patch-source_nc_c
--- patches/patch-source_nc_c   28 Feb 2019 23:00:47 -  1.2
+++ patches/patch-source_nc_c   13 Sep 2021 16:04:55 -
@@ -27,3 +27,28 @@ Index: source/nc.c
  #endif /*VMS*/
  
  /* Structure to hold X Resource values */
+@@ -778,10 +778,10 @@ static void parseCommandLine(int argc, char **argv, Co
+The "long" cast on strlen() is necessary because size_t
+is 64 bit on Alphas, and 32-bit on most others.  There is
+no printf format specifier for "size_t", thanx, ANSI. */
+-  sprintf(outPtr, "%d %d %d %d %d %ld %ld %ld %ld\n%n", lineNum,
++  charsWritten = sprintf(outPtr, "%d %d %d %d %d %ld %ld %ld %ld\n", 
lineNum,
+   read, create, iconic, isTabbed, (long) strlen(path), 
+   (long) strlen(toDoCommand), (long) strlen(langMode),
+-  (long) strlen(geometry), );
++  (long) strlen(geometry));
+   outPtr += charsWritten;
+   strcpy(outPtr, path);
+   outPtr += strlen(path);
+@@ -816,9 +816,9 @@ static void parseCommandLine(int argc, char **argv, Co
+  * iconic state (and optional language mode and geometry).
+  */
+ if (toDoCommand[0] != '\0' || fileCount == 0) {
+-  sprintf(outPtr, "0 0 0 %d %d 0 %ld %ld %ld\n\n%n", iconic, tabbed,
++  charsWritten = sprintf(outPtr, "0 0 0 %d %d 0 %ld %ld %ld\n\n", iconic, 
tabbed,
+   (long) strlen(toDoCommand),
+-  (long) strlen(langMode), (long) strlen(geometry), 
);
++  (long) strlen(langMode), (long) strlen(geometry));
+   outPtr += charsWritten;
+   strcpy(outPtr, toDoCommand);
+   outPtr += strlen(toDoCommand);
Index: patches/patch-util_misc_c
===
RCS file: patches/patch-util_misc_c
diff -N patches/patch-util_misc_c
--- /dev/null   1 Jan 1970 00:00:00 -
+++ patches/patch-util_misc_c   13 Sep 2021 16:01:48 -
@@ -0,0 +1,37 @@
+$OpenBSD$
+
+Index: util/misc.c
+--- util/misc.c.orig
 util/misc.c
+@@ -1488,25 +1488,25 @@ void CreateGeometryString(char *string, int x, int y,
+ int nChars;
+ 
+ if (bitmask & WidthValue) {
+-  sprintf(ptr, "%d%n", width, );
++  nChars = sprintf(ptr, "%d", width);
+   ptr += nChars;
+ }
+ if (bitmask & HeightValue) {
+-  sprintf(ptr, "x%d%n", height, );
++  nChars = sprintf(ptr, "x%d", height);
+   ptr += nChars;
+ }
+ if (bitmask & XValue) {
+   if (bitmask & XNegative)
+-  sprintf(ptr, "-%d%n", -x, );
++  nChars = sprintf(ptr, "-%d", -x);
+   else
+-  sprintf(ptr, "+%d%n", x, );
++  nChars = sprintf(ptr, "+%d", x);
+   ptr += nChars;
+ }
+ if (bitmask & YValue) {
+   if (bitmask & YNegative)
+-  sprintf(ptr, "-%d%n", -y, );
++  nChars = sprintf(ptr, "-%d", -y);
+   else
+-  sprintf(ptr, "+%d%n", y, );
++  nChars = sprintf(ptr, "+%d", y);
+   ptr += nChars;
+ }
+ *ptr = '\0';