| Message ID | 1314776773-9560-3-git-send-email-crquan@gmail.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Wed, Aug 31, 2011 at 10:46 AM, Cheng Renquan <crquan@gmail.com> wrote: > In case KEY_BACKSPACE / KEY_DC to delete a char, it memmove only > (len-cursor_position+1) bytes; > the default case is to insert a char, it should also memmove exactly > (len-cursor_position+1) bytes; > > the original use of (len+1) is wrong and may access following memory > that doesn't belong to result, may cause SegFault in theory; > > case KEY_BACKSPACE: > if (cursor_position > 0) { > memmove(&result[cursor_position-1], > &result[cursor_position], > len-cursor_position+1); > cursor_position--; > } > break; > case KEY_DC: > if (cursor_position >= 0 && cursor_position < len) { > memmove(&result[cursor_position], > &result[cursor_position+1], > len-cursor_position+1); > } > break; > default: > if ((isgraph(res) || isspace(res)) && > len-2 < result_len) { > /* insert the char at the proper position */ > memmove(&result[cursor_position+1], > &result[cursor_position], > len-cursor_position+1); > result[cursor_position] = res; > cursor_position++; > } > > Signed-off-by: Cheng Renquan <crquan@gmail.com> > --- > scripts/kconfig/nconf.gui.c | 2 +- > 1 files changed, 1 insertions(+), 1 deletions(-) > > diff --git a/scripts/kconfig/nconf.gui.c b/scripts/kconfig/nconf.gui.c > index d3af04e..3ce2a7c 100644 > --- a/scripts/kconfig/nconf.gui.c > +++ b/scripts/kconfig/nconf.gui.c > @@ -457,7 +457,7 @@ int dialog_inputbox(WINDOW *main_window, > /* insert the char at the proper position */ > memmove(&result[cursor_position+1], > &result[cursor_position], > - len+1); > + len-cursor_position+1); > result[cursor_position] = res; > cursor_position++; > } else { > -- > 1.7.6 > > Acked-by: Nir Tzachar <nir.tzachar@gmail.com> -- To unsubscribe from this list: send the line "unsubscribe linux-kbuild" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/scripts/kconfig/nconf.gui.c b/scripts/kconfig/nconf.gui.c index d3af04e..3ce2a7c 100644 --- a/scripts/kconfig/nconf.gui.c +++ b/scripts/kconfig/nconf.gui.c @@ -457,7 +457,7 @@ int dialog_inputbox(WINDOW *main_window, /* insert the char at the proper position */ memmove(&result[cursor_position+1], &result[cursor_position], - len+1); + len-cursor_position+1); result[cursor_position] = res; cursor_position++; } else {
In case KEY_BACKSPACE / KEY_DC to delete a char, it memmove only (len-cursor_position+1) bytes; the default case is to insert a char, it should also memmove exactly (len-cursor_position+1) bytes; the original use of (len+1) is wrong and may access following memory that doesn't belong to result, may cause SegFault in theory; case KEY_BACKSPACE: if (cursor_position > 0) { memmove(&result[cursor_position-1], &result[cursor_position], len-cursor_position+1); cursor_position--; } break; case KEY_DC: if (cursor_position >= 0 && cursor_position < len) { memmove(&result[cursor_position], &result[cursor_position+1], len-cursor_position+1); } break; default: if ((isgraph(res) || isspace(res)) && len-2 < result_len) { /* insert the char at the proper position */ memmove(&result[cursor_position+1], &result[cursor_position], len-cursor_position+1); result[cursor_position] = res; cursor_position++; } Signed-off-by: Cheng Renquan <crquan@gmail.com> --- scripts/kconfig/nconf.gui.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)