xterm/xterm-CVE-2021-27135.patch

57 lines
1.5 KiB
Diff
Raw Normal View History

diff --git a/button.c b/button.c
index ac1f742..4e8554d 100644
--- a/button.c
+++ b/button.c
@@ -3802,6 +3802,7 @@ SaltTextAway(XtermWidget xw,
TScreen *screen = TScreenOf(xw);
int i, j = 0;
int eol;
+ size_t have = 0;
Char *line;
Char *lp;
CELL first = *cellc;
@@ -3827,7 +3828,11 @@ SaltTextAway(XtermWidget xw,
/* UTF-8 may require more space */
if_OPT_WIDE_CHARS(screen, {
- j *= 4;
+ if (j > 0) {
+ if (screen->max_combining > 0)
+ j += screen->max_combining;
+ j *= 6;
+ }
});
/* now get some memory to save it in */
@@ -3864,10 +3869,27 @@ SaltTextAway(XtermWidget xw,
}
*lp = '\0'; /* make sure we have end marked */
- TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line),
- visibleChars(line, (unsigned) (lp - line))));
+ have = (size_t) (lp - line);
+ /*
+ * Scanning the buffer twice is unnecessary. Discard unwanted memory if
+ * the estimate is too-far off.
+ */
+ if ((have * 2) < (size_t) j) {
+ Char *next;
+ screen->selection_size = have + 1;
+ next = realloc(line, screen->selection_size);
+ if (next == NULL) {
+ free(line);
+ screen->selection_length = 0;
+ screen->selection_size = 0;
+ }
+ screen->selection_data = next;
+ }
+
+ screen->selection_length = have;
- screen->selection_length = (unsigned long) (lp - line);
+ TRACE(("Salted TEXT:%u:%s\n", (unsigned) have,
+ visibleChars(screen->selection_data, (unsigned) have)));
}
#if OPT_PASTE64