The local lbuf can potentially be left not nul-terminated, and the tab expansion can potentially write out of bounds.
Signed-off-by: Jules Maselbas <jmasel...@zdiv.net> --- commands/edit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/commands/edit.c b/commands/edit.c index fcf8ad90f5..3bbe60fdbf 100644 --- a/commands/edit.c +++ b/commands/edit.c @@ -53,14 +53,14 @@ static char *screenline(char *line, int *pos) return lbuf; } - for (i = 0; outpos < 1024; i++) { + for (i = 0; outpos < sizeof(lbuf) - 1; i++) { if (i == textx && pos) *pos = outpos; if (!line[i]) break; if (line[i] == '\t') { lbuf[outpos++] = ' '; - while (outpos % TABSPACE) + while (outpos < sizeof(lbuf) - 1 && outpos % TABSPACE) lbuf[outpos++] = ' '; continue; } -- 2.48.1
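Review bot: both new conditions in screenline(), "outpos < sizeof(lbuf) - 1" on the for loop and on the tab-expansion while, are only a correct bound if lbuf is declared as an array in that scope. Its declaration is outside the visible context, so please confirm that; if lbuf is a pointer, sizeof yields the pointer size instead of the buffer size. A named size constant shared by the declaration and both checks would also replace the old magic 1024 in one place and survive a later switch to a pointer or heap buffer. The comparison mixes outpos with a size_t, so if outpos is a signed int it is converted to unsigned, which is fine only while it stays non-negative. The commit message mentions missing nul-termination, but the store of the terminator is not part of this hunk; it would help to say in the message where the terminator is written and that reserving one byte with "- 1" is what keeps that store inside the buffer.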