summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorailin-nemui <ailin-nemui@users.noreply.github.com>2017-01-03 13:44:58 +0100
committerailin-nemui <ailin-nemui@users.noreply.github.com>2017-01-03 13:44:58 +0100
commit78ba05985d8fed883a8b26ffef4878acdae58fff (patch)
tree733934527ce98cb4c9ecdd7fb20001650fabcd53 /src
parent01163710e71318c6c2fd3f797f6b878f92b7f97b (diff)
parent7a112e021724af582a06eed8f92fafb772438c13 (diff)
downloadirssi-78ba05985d8fed883a8b26ffef4878acdae58fff.zip
Merge branch 'security' into 'master'
See merge request !7
Diffstat (limited to 'src')
-rw-r--r--src/fe-common/core/formats.c10
-rw-r--r--src/fe-text/term-terminfo.c13
-rw-r--r--src/irc/core/irc-nicklist.c6
-rw-r--r--src/irc/core/irc-queries.c2
4 files changed, 26 insertions, 5 deletions
diff --git a/src/fe-common/core/formats.c b/src/fe-common/core/formats.c
index a58d839a..17c13a97 100644
--- a/src/fe-common/core/formats.c
+++ b/src/fe-common/core/formats.c
@@ -68,7 +68,7 @@ static void format_expand_code(const char **format, GString *out, int *flags)
if (flags == NULL) {
/* flags are being ignored - skip the code */
- while (**format != ']')
+ while (**format != ']' && **format != '\0')
(*format)++;
return;
}
@@ -246,6 +246,10 @@ int format_expand_styles(GString *out, const char **format, int *flags)
case '[':
/* code */
format_expand_code(format, out, flags);
+ if ((*format)[0] == '\0')
+ /* oops, reached end prematurely */
+ (*format)--;
+
break;
case 'x':
case 'X':
@@ -956,6 +960,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
str++;
for (num2 = 0; i_isdigit(*str); str++)
num2 = num2*10 + (*str-'0');
+ if (*str == '\0') return start;
switch (num2) {
case 2:
@@ -973,6 +978,8 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
for (; i_isdigit(*str); str++)
num2 = (num2&~0xff) |
(((num2&0xff) * 10 + (*str-'0'))&0xff);
+
+ if (*str == '\0') return start;
}
if (i == -1) break;
@@ -1001,6 +1008,7 @@ static const char *get_ansi_color(THEME_REC *theme, const char *str,
str++;
for (num2 = 0; i_isdigit(*str); str++)
num2 = num2*10 + (*str-'0');
+ if (*str == '\0') return start;
if (num == 38) {
flags &= ~GUI_PRINT_FLAG_COLOR_24_FG;
diff --git a/src/fe-text/term-terminfo.c b/src/fe-text/term-terminfo.c
index b2478c62..3098a4e4 100644
--- a/src/fe-text/term-terminfo.c
+++ b/src/fe-text/term-terminfo.c
@@ -539,9 +539,16 @@ int term_addstr(TERM_WINDOW *window, const char *str)
if (term_type == TERM_TYPE_UTF8) {
while (*ptr != '\0') {
- tmp = g_utf8_get_char(ptr);
- len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1;
- ptr = g_utf8_next_char(ptr);
+ tmp = g_utf8_get_char_validated(ptr, -1);
+ /* On utf8 error, treat as single byte and try to
+ continue interpretting rest of string as utf8 */
+ if (tmp == (gunichar)-1 || tmp == (gunichar)-2) {
+ len++;
+ ptr++;
+ } else {
+ len += unichar_isprint(tmp) ? mk_wcwidth(tmp) : 1;
+ ptr = g_utf8_next_char(ptr);
+ }
}
} else
len = raw_len;
diff --git a/src/irc/core/irc-nicklist.c b/src/irc/core/irc-nicklist.c
index b22f3269..1cb1f3e9 100644
--- a/src/irc/core/irc-nicklist.c
+++ b/src/irc/core/irc-nicklist.c
@@ -314,7 +314,11 @@ static void event_whois_ircop(SERVER_REC *server, const char *data)
static void event_nick_invalid(IRC_SERVER_REC *server, const char *data)
{
if (!server->connected)
- server_disconnect((SERVER_REC *) server);
+ /* we used to call server_disconnect but that crashes
+ irssi because of undefined memory access. instead,
+ indicate that the connection should be dropped and
+ let the irc method to the clean-up. */
+ server->connection_lost = server->no_reconnect = TRUE;
}
static void event_nick_in_use(IRC_SERVER_REC *server, const char *data)
diff --git a/src/irc/core/irc-queries.c b/src/irc/core/irc-queries.c
index b611e621..64995ead 100644
--- a/src/irc/core/irc-queries.c
+++ b/src/irc/core/irc-queries.c
@@ -45,6 +45,8 @@ QUERY_REC *irc_query_find(IRC_SERVER_REC *server, const char *nick)
{
GSList *tmp;
+ g_return_val_if_fail(nick != NULL, NULL);
+
for (tmp = server->queries; tmp != NULL; tmp = tmp->next) {
QUERY_REC *rec = tmp->data;