Module Name: src
Committed By: riastradh
Date: Sat Aug 12 12:48:37 UTC 2023
Modified Files:
src/lib/libc/gen: vis.c
src/tests/lib/libc/gen: t_vis.c
Log Message:
vis(3): Fix main part of PR lib/57573.
>From Kyle Evans <kev...@freebsd.org>.
XXX pullup-10
XXX pullup-9
XXX pullup-8
To generate a diff of this commit:
cvs rdiff -u -r1.81 -r1.82 src/lib/libc/gen/vis.c
cvs rdiff -u -r1.12 -r1.13 src/tests/lib/libc/gen/t_vis.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/lib/libc/gen/vis.c
diff -u src/lib/libc/gen/vis.c:1.81 src/lib/libc/gen/vis.c:1.82
--- src/lib/libc/gen/vis.c:1.81 Sat Aug 12 12:48:17 2023
+++ src/lib/libc/gen/vis.c Sat Aug 12 12:48:37 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: vis.c,v 1.81 2023/08/12 12:48:17 riastradh Exp $ */
+/* $NetBSD: vis.c,v 1.82 2023/08/12 12:48:37 riastradh Exp $ */
/*-
* Copyright (c) 1989, 1993
@@ -57,7 +57,7 @@
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
-__RCSID("$NetBSD: vis.c,v 1.81 2023/08/12 12:48:17 riastradh Exp $");
+__RCSID("$NetBSD: vis.c,v 1.82 2023/08/12 12:48:37 riastradh Exp $");
#endif /* LIBC_SCCS and not lint */
#ifdef __FBSDID
__FBSDID("$FreeBSD$");
@@ -396,13 +396,14 @@ static int
istrsenvisx(char **mbdstp, size_t *dlen, const char *mbsrc, size_t mblength,
int flags, const char *mbextra, int *cerr_ptr)
{
+ char mbbuf[MB_LEN_MAX];
wchar_t *dst, *src, *pdst, *psrc, *start, *extra;
size_t len, olen;
uint64_t bmsk, wmsk;
wint_t c;
visfun_t f;
int clen = 0, cerr, error = -1, i, shft;
- char *mbdst, *mdst;
+ char *mbdst, *mbwrite, *mdst;
size_t mbslength;
size_t maxolen;
mbstate_t mbstate;
@@ -579,8 +580,33 @@ istrsenvisx(char **mbdstp, size_t *dlen,
olen = 0;
memset(&mbstate, 0, sizeof(mbstate));
for (dst = start; len > 0; len--) {
- if (!cerr)
- clen = wcrtomb(mbdst, *dst, &mbstate);
+ if (!cerr) {
+ /*
+ * If we have at least MB_CUR_MAX bytes in the buffer,
+ * we'll just do the conversion in-place into mbdst. We
+ * need to be a little more conservative when we get to
+ * the end of the buffer, as we may not have MB_CUR_MAX
+ * bytes but we may not need it.
+ */
+ if (maxolen - olen > MB_CUR_MAX)
+ mbwrite = mbdst;
+ else
+ mbwrite = mbbuf;
+ clen = wcrtomb(mbwrite, *dst, &mbstate);
+ if (clen > 0 && mbwrite != mbdst) {
+ /*
+ * Don't break past our output limit, noting
+ * that maxolen includes the nul terminator so
+ * we can't write past maxolen - 1 here.
+ */
+ if (olen + clen >= maxolen) {
+ errno = ENOSPC;
+ goto out;
+ }
+
+ memcpy(mbdst, mbwrite, clen);
+ }
+ }
if (cerr || clen < 0) {
/*
* Conversion error, process as a byte(s) instead.
@@ -595,16 +621,27 @@ istrsenvisx(char **mbdstp, size_t *dlen,
shft = i * NBBY;
bmsk = (uint64_t)0xffLL << shft;
wmsk |= bmsk;
- if ((*dst & wmsk) || i == 0)
+ if ((*dst & wmsk) || i == 0) {
+ if (olen + clen + 1 >= maxolen) {
+ errno = ENOSPC;
+ goto out;
+ }
+
mbdst[clen++] = (char)(
(uint64_t)(*dst & bmsk) >>
shft);
+ }
}
cerr = 1;
}
- /* If this character would exceed our output limit, stop. */
- if (olen + clen > maxolen)
- break;
+
+ /*
+ * We'll be dereferencing mbdst[clen] after this to write the
+ * nul terminator; the above paths should have checked for a
+ * possible overflow already.
+ */
+ assert(olen + clen < maxolen);
+
/* Advance output pointer by number of bytes written. */
mbdst += clen;
/* Advance buffer character pointer. */
Index: src/tests/lib/libc/gen/t_vis.c
diff -u src/tests/lib/libc/gen/t_vis.c:1.12 src/tests/lib/libc/gen/t_vis.c:1.13
--- src/tests/lib/libc/gen/t_vis.c:1.12 Sat Aug 12 12:46:16 2023
+++ src/tests/lib/libc/gen/t_vis.c Sat Aug 12 12:48:37 2023
@@ -1,4 +1,4 @@
-/* $NetBSD: t_vis.c,v 1.12 2023/08/12 12:46:16 riastradh Exp $ */
+/* $NetBSD: t_vis.c,v 1.13 2023/08/12 12:48:37 riastradh Exp $ */
/*-
* Copyright (c) 2002 The NetBSD Foundation, Inc.
@@ -211,8 +211,6 @@ ATF_TC_BODY(strvis_overflow_mb, tc)
unsigned i;
int n;
- atf_tc_expect_fail("PR lib/57573: Overflow possibilities in vis(3)");
-
setlocale(LC_CTYPE, "en_US.UTF-8");
for (i = 0; i < sizeof(dst) - 1; i++) {
@@ -251,8 +249,6 @@ ATF_TC_BODY(strvis_overflow_c, tc)
unsigned i;
int n;
- atf_tc_expect_fail("PR lib/57573: Overflow possibilities in vis(3)");
-
for (i = 0; i < sizeof(dst) - 1; i++) {
memset(dst, STRVIS_OVERFLOW_MARKER, sizeof(dst));
n = strnvis(dst, i, src, VIS_SAFE | VIS_NOLOCALE);
