Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Opening the help screen corrupts global variables #1768

Closed
9 tasks done
r-darwish opened this issue Nov 20, 2023 · 4 comments · Fixed by #1769
Closed
9 tasks done

Opening the help screen corrupts global variables #1768

r-darwish opened this issue Nov 20, 2023 · 4 comments · Fixed by #1769
Labels
bug

Comments

@r-darwish
Copy link

r-darwish commented Nov 20, 2023
edited
Loading

Environment details (Put x in the checkbox along with the information)

  • Operating System: macOS 13.6.1 (22G313) (Intel CPU)
  • Desktop Environment: macOS
  • Terminal Emulator: kitty
  • Shell: zsh
  • Custom desktop opener (if applicable):
  • Program options used: default
  • Configuration options set: default
  • Plugins are installed: None
  • Issue exists on nnn master: yes

Exact steps to reproduce the issue

  1. Open nnn
  2. Launch the help screen with ?
  3. Quit with q
nnn(94221,0x7ff854795700) malloc: *** error for object 0x2020202020202020: pointer being freed was not allocated
nnn(94221,0x7ff854795700) malloc: *** set a breakpoint in malloc_error_break to debug
zsh: abort      ./nnn

The problem occur here:

nnn/src/nnn.c

Lines 5175 to 5186 in 744a755

for (const char *s = helpstr; s < end; ++s) {
if (hex) {
for (int k = 0, n = xchartohex(*s); k < n; ++k) *w++ = ' ';
} else if (*s == '%') {
int n = ((s[1] - '0') * 10) + (s[2] - '0');
for (int k = 0; k < n; ++k) *w++ = ' ';
s += 2;
} else {
*w++ = *s;
}
hex = *s == '\n';
}

as g_buf isn't large enough to contain the entire help output, so it starts overriding the value in other global variables
@r-darwish r-darwish added the bug label Nov 20, 2023
@r-darwish r-darwish changed the title Opening the help screen causes a double free when quitting Opening the help screen corrupts global variables Nov 20, 2023
@N-R-K
Copy link
Collaborator

N-R-K commented Nov 21, 2023

as g_buf isn't large enough to contain the entire help output

What's the size of g_buf for you? I suspect macos has PATH_MAX and/or NAME_MAX set to really low values.

@r-darwish
Copy link
Author

1536 bytes

image

@jarun
Copy link
Owner

jarun commented Nov 21, 2023

I think we need to have a guard against crossing the length.
Can someone raise a PR?

@N-R-K
Copy link
Collaborator

N-R-K commented Nov 21, 2023

I'll fix it soon and send a PR.

N-R-K added a commit to N-R-K/nnn that referenced this issue Nov 21, 2023
@N-R-K
fix buffer overflow on certain platforms
3665541 
the size of g_buf depends on PATH_MAX and NAME_MAX which on certain
platforms (such as mac) might not be big enough to decode the help
string. use an explicit buffer with proper size instead.

Closes: jarun#1768
@N-R-K N-R-K mentioned this issue Nov 21, 2023
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Dec 22, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix buffer overflow on certain platforms N-R-K/nnn
3 participants
@r-darwish @jarun @N-R-K