Prevent some possible buffer overflows.

git-svn-id: https://geany.svn.sourceforge.net/svnroot/geany/trunk@1171 ea778897-0a13-0410-b9d1-a72fbfd435f5
Nick Treleaven 2007-01-09 16:53:27 +00:00
parent 2ceedcdc7b
commit 15fb502837
4 changed files with 32 additions and 14 deletions


@ -1,3 +1,9 @@
2007-01-09 Nick Treleaven <nick.treleaven@btinternet.com>
* src/utils.c, src/sci_cb.c, src/sciwrappers.c:
Prevent some possible buffer overflows.
2007-01-08 Enrico Tröger <enrico.troeger@uvena.de> 2007-01-08 Enrico Tröger <enrico.troeger@uvena.de>
* doc/geany.docbook, src/keybindings.c, src/keybindings.h: * doc/geany.docbook, src/keybindings.c, src/keybindings.h:


@ -259,7 +259,7 @@ void on_editor_notification(GtkWidget *editor, gint scn, gpointer lscn, gpointer
{ {
gint start, pos = SSM(sci, SCI_GETCURRENTPOS, 0, 0); gint start, pos = SSM(sci, SCI_GETCURRENTPOS, 0, 0);
start = pos; start = pos;
while (sci_get_char_at(sci, --start) != '&') ; while (start > 0 && sci_get_char_at(sci, --start) != '&') ;
SSM(sci, SCI_INSERTTEXT, pos - 1, (sptr_t) nt->text); SSM(sci, SCI_INSERTTEXT, pos - 1, (sptr_t) nt->text);
} }
@ -897,7 +897,7 @@ void sci_cb_auto_forif(gint idx, gint pos)
sci_get_text_range(sci, pos - 16, pos - 1, buf); sci_get_text_range(sci, pos - 16, pos - 1, buf);
// check the first 8 characters of buf for whitespace, but only in this line // check the first 8 characters of buf for whitespace, but only in this line
i = 14; i = 14;
while (isalpha(buf[i])) i--; // find pos before keyword while (i >= 0 && isalpha(buf[i])) i--; // find pos before keyword
while (i >= 0 && buf[i] != '\n' && buf[i] != '\r') // we want to stay in this line('\n' check) while (i >= 0 && buf[i] != '\n' && buf[i] != '\r') // we want to stay in this line('\n' check)
{ {
if (! isspace(buf[i])) if (! isspace(buf[i]))
@ -1177,7 +1177,7 @@ void sci_cb_auto_table(ScintillaObject *sci, gint pos)
x = strlen(indent); x = strlen(indent);
// find the start of the <table tag // find the start of the <table tag
i = 1; i = 1;
while (sci_get_char_at(sci, pos - i) != '<') i++; while (i <= pos && sci_get_char_at(sci, pos - i) != '<') i++;
// add all non whitespace before the tag to the indent string // add all non whitespace before the tag to the indent string
while ((pos - i) != indent_pos) while ((pos - i) != indent_pos)
{ {
@ -1301,12 +1301,17 @@ void sci_cb_do_uncomment(gint idx, gint line)
for (i = first_line; (i <= last_line) && (! break_loop); i++) for (i = first_line; (i <= last_line) && (! break_loop); i++)
{ {
gint buf_len;
line_start = sci_get_position_from_line(doc_list[idx].sci, i); line_start = sci_get_position_from_line(doc_list[idx].sci, i);
line_len = sci_get_line_length(doc_list[idx].sci, i); line_len = sci_get_line_length(doc_list[idx].sci, i);
x = 0; x = 0;
sci_get_text_range(doc_list[idx].sci, line_start, MIN((line_start + 255), (line_start + line_len - 1)), sel); buf_len = MIN((gint)sizeof(sel) - 1, line_len - 1);
sel[MIN(255, (line_len - 1))] = '\0'; if (buf_len <= 0)
break;
sci_get_text_range(doc_list[idx].sci, line_start, line_start + buf_len, sel);
sel[buf_len] = '\0';
while (isspace(sel[x])) x++; while (isspace(sel[x])) x++;
@ -1430,12 +1435,17 @@ void sci_cb_do_comment_toggle(gint idx)
for (i = first_line; (i <= last_line) && (! break_loop); i++) for (i = first_line; (i <= last_line) && (! break_loop); i++)
{ {
gint buf_len;
line_start = sci_get_position_from_line(doc_list[idx].sci, i); line_start = sci_get_position_from_line(doc_list[idx].sci, i);
line_len = sci_get_line_length(doc_list[idx].sci, i); line_len = sci_get_line_length(doc_list[idx].sci, i);
x = 0; x = 0;
sci_get_text_range(doc_list[idx].sci, line_start, MIN((line_start + 255), (line_start + line_len - 1)), sel); buf_len = MIN((gint)sizeof(sel) - 1, line_len - 1);
sel[MIN(255, (line_len - 1))] = '\0'; if (buf_len <= 0)
break;
sci_get_text_range(doc_list[idx].sci, line_start, line_start + buf_len, sel);
sel[buf_len] = '\0';
while (isspace(sel[x])) x++; while (isspace(sel[x])) x++;
@ -1616,17 +1626,18 @@ void sci_cb_do_comment(gint idx, gint line, gboolean allow_empty_lines)
for (i = first_line; (i <= last_line) && (! break_loop); i++) for (i = first_line; (i <= last_line) && (! break_loop); i++)
{ {
gint buf_len;
line_start = sci_get_position_from_line(doc_list[idx].sci, i); line_start = sci_get_position_from_line(doc_list[idx].sci, i);
line_len = sci_get_line_length(doc_list[idx].sci, i); line_len = sci_get_line_length(doc_list[idx].sci, i);
x = 0; x = 0;
sci_get_text_range(doc_list[idx].sci, line_start, MIN((line_start + 256), (line_start + line_len - 1)), sel); buf_len = MIN((gint)sizeof(sel) - 1, line_len - 1);
sel[MIN(256, (line_len - 1))] = '\0'; if (buf_len <= 0)
break;
sci_get_text_range(doc_list[idx].sci, line_start, line_start + buf_len, sel);
sel[buf_len] = '\0';
/// TODO fix the above code to remove the described segfault below
// The following loop causes a segfault when the cursor is on the last line of doc and
// there are no other characters on this line and Geany was compiled with -O2, with -O0
// all works fine.
while (isspace(sel[x])) x++; while (isspace(sel[x])) x++;
// to skip blank lines // to skip blank lines
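Review bot: The new `if (buf_len <= 0) break;` in sci_cb_do_comment (and the identical lines added to sci_cb_do_uncomment and sci_cb_do_comment_toggle above) leaves the whole first_line..last_line loop, not just the current iteration, so a line whose `line_len - 1` is zero — which, if sci_get_line_length counts the line ending, is every empty line — stops the operation for every line after it, whereas the replaced code produced an empty `sel` for such lines and left them to the `// to skip blank lines` handling below. Unless something past the hunk relies on the loop ending here, this should be `if (buf_len <= 0) continue;` (or fall through with `sel[0] = '\0'`) so the remaining lines are still processed; the existing `break_loop` flag in the `for` condition already covers the deliberate early exits. Note also that `(gint)sizeof(sel)` is only correct if `sel` is a local array rather than a pointer — its declaration is outside the hunk, as are the start and end of sci_cb_do_comment.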


@ -756,6 +756,7 @@ void sci_clear_cmdkey(ScintillaObject *sci, gint key)
} }
/* text will be zero terminated and must be allocated (end - start + 1) bytes */
void sci_get_text_range(ScintillaObject *sci, gint start, gint end, gchar *text) void sci_get_text_range(ScintillaObject *sci, gint start, gint end, gchar *text)
{ {
struct TextRange tr; struct TextRange tr;
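Review bot: The added comment documents the buffer size but not the range precondition: nothing in the visible lines checks `0 <= start <= end`, and a caller in this same commit (sci_cb_auto_forif's `sci_get_text_range(sci, pos - 16, pos - 1, buf)`) can pass a negative start for a small pos. If the body, which continues outside the hunk, does not clamp the range itself, extend the comment to `/* text will be zero terminated and must be allocated (end - start + 1) bytes; the caller must ensure 0 <= start <= end */` or add a `g_return_if_fail(start >= 0 && start <= end);` so the contract is enforced rather than assumed.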


@ -470,7 +470,7 @@ static gchar *parse_cpp_function_at_line(ScintillaObject *sci, gint tag_line)
if (end < 0) end = 0; if (end < 0) end = 0;
// skip whitespaces between identifier and ( // skip whitespaces between identifier and (
while (isspace(sci_get_char_at(sci, end))) end--; while (end > 0 && isspace(sci_get_char_at(sci, end))) end--;
start = end; start = end;
c = 0; c = 0;
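Review bot: `isspace(sci_get_char_at(sci, end))` hands the returned `gchar` straight to a `<ctype.h>` function; if that is a plain (signed) `char`, any byte >= 0x80 — routine in UTF-8 source — becomes a negative argument, which is undefined behaviour for isspace. Casting first keeps the new bound check and avoids it: `while (end > 0 && isspace((unsigned char) sci_get_char_at(sci, end))) end--;`; the same applies to the `isalpha`/`isspace` calls on `buf[i]` and `sel[x]` in the sci_cb.c hunks of this commit. The guard also stops at `end == 0` without testing that character, so `start` can land on a leading space at position 0; probably harmless, but worth a short comment. parse_cpp_function_at_line starts and ends outside the hunk.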