From 8464908a47427059fadc4ac7cac8a4e235539ad7 Mon Sep 17 00:00:00 2001 From: op Date: Mon, 17 Apr 2023 15:18:25 +0000 Subject: [PATCH] fix buffer overflow in displaymatch(); ok/tweak tb@ --- usr.bin/mg/match.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/usr.bin/mg/match.c b/usr.bin/mg/match.c index cc293f1d8a9..acb814e3b9d 100644 --- a/usr.bin/mg/match.c +++ b/usr.bin/mg/match.c @@ -1,4 +1,4 @@ -/* $OpenBSD: match.c,v 1.23 2023/04/17 09:49:04 op Exp $ */ +/* $OpenBSD: match.c,v 1.24 2023/04/17 15:18:25 op Exp $ */ /* This file is in the public domain. */ @@ -168,17 +168,23 @@ displaymatch(struct line *clp, int cbo) /* match is not in this window, so display line in echo area */ bufo = 0; for (cp = 0; cp < llength(clp); cp++) { + if (bufo >= sizeof(buf) - 1) + break; + c = lgetc(clp, cp); - if (c != '\t') + if (c != '\t') { if (ISCTRL(c)) { + if (bufo >= sizeof(buf) - 3) + break; buf[bufo++] = '^'; buf[bufo++] = CCHR(c); } else buf[bufo++] = c; - else + } else { do { buf[bufo++] = ' '; - } while (bufo & 7); + } while ((bufo & 7) && bufo < sizeof(buf) - 1); + } } buf[bufo++] = '\0'; ewprintf("Matches %s", buf); -- 2.20.1