Follow-up Comment #8, bug #54126 (project wget):
Sorry, I was wrong (
When progress is fuzzed with USE_NLS_PROGRESS_BAR defined, a crash happens if
the filename contains ctrl chars after an invalid mbc.
_(it may be reproduced on a released build:_
_wget $url -O $filename_
_where $filename contains: \255 many \2 \255 (who knows, maybe this could
happen)_
_restrict_files_ctrl doesn't affect the -O option)_
The reason we get negative padding is that count_cols () and
cols_to_bytes() count cols in two different ways:
(count_cols() after an invalid mbc simply adds the remaining bytes in the string [it may
cause a problem without a ctrl char], cols_to_bytes() continues counting & skips ctrl
chars [mb_width()=0])
If we make count_cols() like cols_to_bytes() the assert will pass, but we
can still get a buffer overflow:
padding=bp->width-count_cols (bp->buffer);
memset (p, ' ', padding);
padding will be too long (in the buffer we already have space occupied by ctrl
chars).
It may be fixed by copying the filename and replacing non-printable chars in the filename
with hex digit codes, or just removing them.
(ideally, like you say, scrolling has to be rewritten, but ctrl chars must be
removed anyway)
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?54126>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
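
The fix proposed in the comment above (copy the filename and replace non-printable characters with hex codes), as an added example that is not wget's code or the commenter's. `sanitize_for_display` and `pad_field` are hypothetical names, and treating every byte outside printable ASCII as non-printable is a simplifying assumption that makes display columns equal bytes, so the two counts cannot disagree.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not wget's code): copy src into dst, replacing each
   byte that is not printable ASCII (ctrl chars, DEL, any byte >= 0x80, which
   covers invalid multibyte sequences) with a %XX escape. Returns bytes
   written excluding the NUL; truncates instead of overflowing dst. */
size_t sanitize_for_display(const char *src, char *dst, size_t dstsz)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = 0;
    if (dstsz == 0) return 0;
    for (const unsigned char *s = (const unsigned char *)src; *s; s++) {
        if (*s >= 0x20 && *s < 0x7f) {
            if (n + 1 >= dstsz) break;
            dst[n++] = (char)*s;
        } else {
            if (n + 3 >= dstsz) break;      /* never emit a partial escape */
            dst[n++] = '%';
            dst[n++] = hex[*s >> 4];
            dst[n++] = hex[*s & 0x0f];
        }
    }
    dst[n] = '\0';
    return n;
}

/* Hypothetical helper: pad a sanitized name (used bytes == used columns) to
   `width` columns. Unsigned arithmetic with explicit clamping replaces the
   signed "width - count" that could go negative or exceed the buffer. */
size_t pad_field(char *buf, size_t bufsz, size_t used, size_t width)
{
    if (used >= bufsz) return 0;
    size_t pad = width > used ? width - used : 0;
    size_t room = bufsz - used - 1;         /* keep one byte for the NUL */
    if (pad > room) pad = room;
    memset(buf + used, ' ', pad);
    buf[used + pad] = '\0';
    return pad;
}

int main(void)
{
    char name[32];  /* constructed sample: invalid byte, ctrl chars, invalid byte */
    size_t used = sanitize_for_display("a\377\002\002\377z", name, sizeof name);
    printf("[%s] used=%zu pad=%zu\n", name, used, pad_field(name, sizeof name, used, 10));
    return 0;
}
```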