[V3,2/5] scripts/kconfig/nconf: fix memmove's length arg

Message ID	1314899542-5848-2-git-send-email-crquan@gmail.com (mailing list archive)
State	New, archived
Headers	show Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by demeter2.kernel.org (8.14.4/8.14.4) with ESMTP id p81Hs85C016137 for <patchwork-kbuild@patchwork.kernel.org>; Thu, 1 Sep 2011 17:54:08 GMT From: crquan@gmail.com To: linux-kbuild@vger.kernel.org, Arnaud Lacombe <lacombar@gmail.com> Cc: Sam Ravnborg <sam@ravnborg.org>, Michal Marek <mmarek@suse.cz>, Nir Tzachar <nir.tzachar@gmail.com>, Randy Dunlap <rdunlap@xenotime.net>, linux-kernel@vger.kernel.org, c.rq541@comcast.net Subject: [PATCH V3 2/5] scripts/kconfig/nconf: fix memmove's length arg Date: Thu, 1 Sep 2011 10:52:19 -0700 Message-Id: <1314899542-5848-2-git-send-email-crquan@gmail.com> In-Reply-To: <1314899542-5848-1-git-send-email-crquan@gmail.com> References: <CAH5vBdKxbaKDrA2gAj5CoDYShN+5dnfu6Bmd=4+oV-XmnYQnFA@mail.gmail.com> <1314899542-5848-1-git-send-email-crquan@gmail.com> Sender: linux-kbuild-owner@vger.kernel.org Precedence: bulk

Message ID

1314899542-5848-2-git-send-email-crquan@gmail.com (mailing list archive)

State

New, archived

Headers

From: crquan@gmail.com
To: linux-kbuild@vger.kernel.org, Arnaud Lacombe <lacombar@gmail.com>
Cc: Sam Ravnborg <sam@ravnborg.org>, Michal Marek <mmarek@suse.cz>,
	Nir Tzachar <nir.tzachar@gmail.com>,
	Randy Dunlap <rdunlap@xenotime.net>, linux-kernel@vger.kernel.org,
	c.rq541@comcast.net
Subject: [PATCH V3 2/5] scripts/kconfig/nconf: fix memmove's length arg
Date: Thu,  1 Sep 2011 10:52:19 -0700
Message-Id: <1314899542-5848-2-git-send-email-crquan@gmail.com>
In-Reply-To: <1314899542-5848-1-git-send-email-crquan@gmail.com>
References: <CAH5vBdKxbaKDrA2gAj5CoDYShN+5dnfu6Bmd=4+oV-XmnYQnFA@mail.gmail.com>
	<1314899542-5848-1-git-send-email-crquan@gmail.com>
Sender: linux-kbuild-owner@vger.kernel.org
Precedence: bulk

Commit Message

Cheng Renquan Sept. 1, 2011, 5:52 p.m. UTC

From: Cheng Renquan <crquan@gmail.com>

In case KEY_BACKSPACE / KEY_DC to delete a char, it memmove only
(len-cursor_position+1) bytes;
the default case is to insert a char, it should also memmove exactly
(len-cursor_position+1) bytes;

the original use of (len+1) is wrong and may access following memory
that doesn't belong to result, may cause SegFault in theory;

	case KEY_BACKSPACE:
		if (cursor_position > 0) {
			memmove(&result[cursor_position-1],
					&result[cursor_position],
					len-cursor_position+1);
			cursor_position--;
		}
		break;
	case KEY_DC:
		if (cursor_position >= 0 && cursor_position < len) {
			memmove(&result[cursor_position],
					&result[cursor_position+1],
					len-cursor_position+1);
		}
		break;
	default:
		if ((isgraph(res) || isspace(res)) &&
				len-2 < result_len) {
			/* insert the char at the proper position */
			memmove(&result[cursor_position+1],
					&result[cursor_position],
					len-cursor_position+1);
			result[cursor_position] = res;
			cursor_position++;
		}

Signed-off-by: Cheng Renquan <crquan@gmail.com>
Acked-by: Nir Tzachar <nir.tzachar@gmail.com>
---
 scripts/kconfig/nconf.gui.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/scripts/kconfig/nconf.gui.c b/scripts/kconfig/nconf.gui.c
index d3af04e..3ce2a7c 100644
--- a/scripts/kconfig/nconf.gui.c
+++ b/scripts/kconfig/nconf.gui.c
@@ -457,7 +457,7 @@  int dialog_inputbox(WINDOW *main_window,
 				/* insert the char at the proper position */
 				memmove(&result[cursor_position+1],
 						&result[cursor_position],
-						len+1);
+						len-cursor_position+1);
 				result[cursor_position] = res;
 				cursor_position++;
 			} else {

[V3,2/5] scripts/kconfig/nconf: fix memmove's length arg

Commit Message

Patch