diff options
author | Kjell Wooding <kjell@cvs.openbsd.org> | 2009-06-02 17:57:31 +0000 |
---|---|---|
committer | Kjell Wooding <kjell@cvs.openbsd.org> | 2009-06-02 17:57:31 +0000 |
commit | bf57fce309501fcdf7dcb3f41a92d1c7dbfebb7e (patch) | |
tree | 531ba25ebfd3f30af461cba047a4d8030f4771ed /usr.bin/mg/echo.c | |
parent | 19c0c7826ea3250355427723b169e01519f39ebf (diff) |
Fix the long-standing crash when >NXNAME characters were inserted
into minibuffer. Found and fixed by Martynas. Cleaned up
a bit so that error messages display properly in the status line.
Fixes Debian bug #414846
Diffstat (limited to 'usr.bin/mg/echo.c')
-rw-r--r-- | usr.bin/mg/echo.c | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/usr.bin/mg/echo.c b/usr.bin/mg/echo.c index 9740415f513..8901ec90022 100644 --- a/usr.bin/mg/echo.c +++ b/usr.bin/mg/echo.c @@ -1,4 +1,4 @@ -/* $OpenBSD: echo.c,v 1.46 2006/04/02 17:18:58 kjell Exp $ */ +/* $OpenBSD: echo.c,v 1.47 2009/06/02 17:57:30 kjell Exp $ */ /* This file is in the public domain. */ @@ -156,6 +156,8 @@ veread(const char *fp, char *buf, size_t nbuf, int flag, va_list ap) int cc, rr; /* saved ttcol, ttrow */ char *ret; /* return value */ + static char emptyval[] = ""; /* XXX hackish way to return err msg*/ + #ifndef NO_MACRO if (inmacro) { if (dynbuf) { @@ -288,10 +290,14 @@ veread(const char *fp, char *buf, size_t nbuf, int flag, va_list ap) size_t newsize = epos + epos + 16; if ((newp = realloc(buf, newsize)) == NULL) - goto fail; + goto memfail; buf = newp; nbuf = newsize; } + if (!dynbuf && epos + 1 >= nbuf) { + ewprintf("Line too long"); + return (emptyval); + } for (t = epos; t > cpos; t--) buf[t] = buf[t - 1]; buf[cpos++] = (char)y; @@ -342,13 +348,8 @@ veread(const char *fp, char *buf, size_t nbuf, int flag, va_list ap) if (macrodef) { struct line *lp; - if ((lp = lalloc(cpos)) == NULL) { - static char falseval[] = ""; - /* XXX hackish */ - if (dynbuf && buf != NULL) - free(buf); - return (falseval); - } + if ((lp = lalloc(cpos)) == NULL) + goto memfail; lp->l_fp = maclcur->l_fp; maclcur->l_fp = lp; lp->l_bp = maclcur; @@ -446,10 +447,14 @@ veread(const char *fp, char *buf, size_t nbuf, int flag, va_list ap) void *newp; size_t newsize = epos + epos + 16; if ((newp = realloc(buf, newsize)) == NULL) - goto fail; + goto memfail; buf = newp; nbuf = newsize; } + if (!dynbuf && epos + 1 >= nbuf) { + ewprintf("Line too long"); + return (emptyval); + } for (i = epos; i > cpos; i--) buf[i] = buf[i - 1]; buf[cpos++] = (char)c; @@ -473,10 +478,11 @@ done: } } return (ret); -fail: +memfail: + if (dynbuf && buf) + free(buf); ewprintf("Out of memory"); - free(buf); - return (NULL); + return (emptyval); } /* |