Pass buffer size to mutt_wctoutf8() to prevent crashes if MB_LEN_MAX<6

as pointed out by exg on #mutt. --HG-- branch : HEAD
karelzak · May 5, 2008 · abd81b7 · abd81b7
1 parent 20dd955
commit abd81b7
Show file tree

Hide file tree

Showing 4 changed files with 22 additions and 12 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,12 @@
+2008-04-29 10:44 -0700  David Champion  <dgc@uchicago.edu>  (1de934f1d618)
+
+	* muttlib.c: [9414b9dd36db] broke softfill. (closes #3035)
+
+2008-04-29 10:38 -0700  Wilfried Goesgens  <dothebart@uncensored.citadel.org>  (8017c8074f62)
+
+	* ChangeLog, imap/auth_gss.c: Print GSSAPI status messages to debug
+	log on error.
+
 2008-04-03 17:08 +0200  Miroslav Lichvar  <mlichvar@redhat.com>  (bdd44e92919d)
 
 	* mutt_ssl_gnutls.c: Fix sending long commands when using gnutls.

diff --git a/mbyte.c b/mbyte.c
@@ -104,14 +104,14 @@ void mutt_set_charset (char *charset)
 
 static size_t wcrtomb_iconv (char *s, wchar_t wc, iconv_t cd)
 {
-  char buf[MB_LEN_MAX];
+  char buf[MB_LEN_MAX+1];
   ICONV_CONST char *ib;
   char *ob;
   size_t ibl, obl, r;
 
   if (s)
   {
-    ibl = mutt_wctoutf8 (buf, wc);
+    ibl = mutt_wctoutf8 (buf, wc, sizeof (buf));
     if (ibl == (size_t)(-1))
       return (size_t)(-1);
     ib = buf;
@@ -135,7 +135,7 @@ size_t wcrtomb (char *s, wchar_t wc, mbstate_t *ps)
   /* We only handle stateless encodings, so we can ignore ps. */
 
   if (Charset_is_utf8)
-    return mutt_wctoutf8 (s, wc);
+    return mutt_wctoutf8 (s, wc, MB_LEN_MAX);
   else if (charset_from_utf8 != (iconv_t)(-1))
     return wcrtomb_iconv (s, wc, charset_from_utf8);
   else

diff --git a/protos.h b/protos.h
@@ -388,7 +388,7 @@ void mutt_to_base64 (unsigned char*, const unsigned char*, size_t, size_t);
 int mutt_from_base64 (char*, const char*);
 
 /* utf8.c */
-int mutt_wctoutf8 (char *s, unsigned int c);
+int mutt_wctoutf8 (char *s, unsigned int c, size_t buflen);
 
 #ifdef LOCALES_HACK
 #define IsPrint(c) (isprint((unsigned char)(c)) || \

diff --git a/utf8.c b/utf8.c
@@ -4,32 +4,33 @@
 
 #ifndef HAVE_WC_FUNCS
 
+#include <sys/types.h>
 #include <errno.h>
 
 #ifndef EILSEQ
 #define EILSEQ EINVAL
 #endif
 
-int mutt_wctoutf8 (char *s, unsigned int c)
+int mutt_wctoutf8 (char *s, unsigned int c, size_t buflen)
 {
   if (c < (1 << 7)) 
   {
-    if (s)
+    if (s && buflen >= 1)
       *s++ = c;
     return 1;
   }
   else if (c < (1 << 11))
   {
-    if (s)
-    {
+    if (s && buflen >= 2)
+     {
       *s++ = 0xc0 | (c >> 6);
       *s++ = 0x80 | (c & 0x3f);
     }
     return 2;
   }
   else if (c < (1 << 16))
   {
-    if (s)
+    if (s && buflen >= 3)
     {
       *s++ = 0xe0 | (c >> 12);
       *s++ = 0x80 | ((c >> 6) & 0x3f);
@@ -39,7 +40,7 @@ int mutt_wctoutf8 (char *s, unsigned int c)
   }
   else if (c < (1 << 21))
   {
-    if (s)
+    if (s && buflen >= 4)
     {
       *s++ = 0xf0 | (c >> 18);
       *s++ = 0x80 | ((c >> 12) & 0x3f);
@@ -50,7 +51,7 @@ int mutt_wctoutf8 (char *s, unsigned int c)
   }
   else if (c < (1 << 26))
   {
-    if (s)
+    if (s && buflen >= 5)
     {
       *s++ = 0xf8 | (c >> 24);
       *s++ = 0x80 | ((c >> 18) & 0x3f);
@@ -62,7 +63,7 @@ int mutt_wctoutf8 (char *s, unsigned int c)
   }
   else if (c < (1 << 31))
   {
-    if (s)
+    if (s && buflen >= 6)
     {
       *s++ = 0xfc | (c >> 30);
       *s++ = 0x80 | ((c >> 24) & 0x3f);