diff options
author | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-18 21:07:53 +0000 |
---|---|---|
committer | Kristaps Dzonsons <kristaps@bsd.lv> | 2014-08-18 21:07:53 +0000 |
commit | 84681e5d410cace6dac2874e7e602ab1848c0d89 (patch) | |
tree | 132f792c39280d07781ec4c835e2798746b01fa4 | |
parent | b1980ad8f95c0b32e91275767b1c1d14b4249195 (diff) | |
download | mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.gz mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.tar.zst mandoc-84681e5d410cace6dac2874e7e602ab1848c0d89.zip |
Control reading off the edge of our buffer in term_flushln().
This happens in specific conditions (trailing whitespace in certain
terminal modes), but in practise, it happens quite often (as reported by
valgrind).
In short, "Nothing about term_flushln() is simple. Srsly!" (schwarze@)
Discussed on tech@, ok schwarze@.
-rw-r--r-- | term.c | 4 |
1 files changed, 2 insertions, 2 deletions
@@ -1,4 +1,4 @@ -/* $Id: term.c,v 1.227 2014/08/10 23:54:41 schwarze Exp $ */ +/* $Id: term.c,v 1.228 2014/08/18 21:07:53 kristaps Exp $ */ /* * Copyright (c) 2008, 2009, 2010, 2011 Kristaps Dzonsons <kristaps@bsd.lv> * Copyright (c) 2010-2014 Ingo Schwarze <schwarze@openbsd.org> @@ -220,7 +220,7 @@ term_flushln(struct termp *p) break; if (' ' == p->buf[i]) { j = i; - while (' ' == p->buf[i]) + while (i < p->col && ' ' == p->buf[i]) i++; dv = (i - j) * (*p->width)(p, ' '); vbl += dv; |