Fossil SCM

Fixing buffer overflows in the width calculation of sbsDiff.

viriketo 2012-10-16 12:18 annotate_links

Commit 314a2943217668521d02470f546d82586ef742b6

Parent 770cf7fc358909c…

1 file changed +8 -4

M src/diff.c

+8 -4

		--- src/diff.c
		+++ src/diff.c
		@@ -494,22 +494,26 @@
494	494	if (w != 0) {
495	495	memcpy(&z[j], ">", 4);
496	496	j += 4;
497	497	}
498	498	}else if( c=='"' && p->escHtml ){
499		- memcpy(&z[j], """, 6);
500		- j += 6;
	499	+ if (w != 0) {
	500	+ memcpy(&z[j], """, 6);
	501	+ j += 6;
	502	+ }
501	503	}else{
502	504	if (w != 0) {
503	505	z[j++] = c;
504	506	}
505	507	if( (c&0xc0)==0x80 ) k--;
506	508	}
507	509	}
508	510	if( needEndSpan ){
509		- memcpy(&z[j], "</span>", 7);
510		- j += 7;
	511	+ if (w != 0) {
	512	+ memcpy(&z[j], "</span>", 7);
	513	+ j += 7;
	514	+ }
511	515	}
512	516
513	517	if (k > maxwidth)
514	518	maxwidth = k;
515	519
516	520

	--- src/diff.c
	+++ src/diff.c
	@@ -494,22 +494,26 @@
494	if (w != 0) {
495	memcpy(&z[j], ">", 4);
496	j += 4;
497	}
498	}else if( c=='"' && p->escHtml ){
499	memcpy(&z[j], """, 6);
500	j += 6;


501	}else{
502	if (w != 0) {
503	z[j++] = c;
504	}
505	if( (c&0xc0)==0x80 ) k--;
506	}
507	}
508	if( needEndSpan ){
509	memcpy(&z[j], "</span>", 7);
510	j += 7;


511	}
512
513	if (k > maxwidth)
514	maxwidth = k;
515
516

	--- src/diff.c
	+++ src/diff.c
	@@ -494,22 +494,26 @@
494	if (w != 0) {
495	memcpy(&z[j], ">", 4);
496	j += 4;
497	}
498	}else if( c=='"' && p->escHtml ){
499	if (w != 0) {
500	memcpy(&z[j], """, 6);
501	j += 6;
502	}
503	}else{
504	if (w != 0) {
505	z[j++] = c;
506	}
507	if( (c&0xc0)==0x80 ) k--;
508	}
509	}
510	if( needEndSpan ){
511	if (w != 0) {
512	memcpy(&z[j], "</span>", 7);
513	j += 7;
514	}
515	}
516
517	if (k > maxwidth)
518	maxwidth = k;
519
520

Keyboard Shortcuts

Open search /

Next entry (timeline) j

Previous entry (timeline) k

Open focused entry Enter

Show this help ?

Toggle theme Top nav button