mike-jumper commented on code in PR #395:
URL: https://github.com/apache/guacamole-server/pull/395#discussion_r992560471
##########
src/terminal/terminal.c:
##########
@@ -2165,11 +2166,19 @@ void guac_terminal_clipboard_reset(guac_terminal*
terminal,
void guac_terminal_clipboard_append(guac_terminal* terminal,
const char* data, int length) {
- guac_common_clipboard_append(terminal->clipboard, data, length);
+
+ char output_data[length];
+ char* output = output_data;
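Review bot: `length` is a signed `int`, and `char output_data[length];` uses it directly as the size of a variable-length array, so a zero or negative value makes that declaration undefined behaviour; nothing in the visible lines checks it first. Suggest returning early when `length <= 0` and sizing the buffer from a fixed constant rather than from the argument.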
Review Comment:
While `guac_common_clipboard_append()` will be inherently bounded by the
remaining clipboard length, this will be limited only by the inherent
per-instruction size limits on received `blob` instructions. Rather than trust
the received `length`, especially for something that's likely allocated on the
stack, I think we should enforce an upper bound here.
For example:
https://github.com/apache/guacamole-server/blob/d8073f9b17c3cb09b79591dbe3d0de82f0ae7004/src/common/clipboard.c#L152-L155
Alternatively, if we altered `guac_common_clipboard_append()` to accept an
input encoding (`guac_iconv()` reader), then that could directly perform this
conversion instead of its existing `memcpy()` for cases where the input is not
`GUAC_READ_UTF8`, and we avoid the intermediate buffer entirely.
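An added illustration of the bound discussed in the review comment above, not code from the PR or from guacamole-server: the conversion runs through a fixed-size stack chunk, so stack use never depends on the received `length`. The names `demo_clipboard`, `demo_append_latin1`, `CLIPBOARD_MAX` and `CHUNK_MAX` are hypothetical, and ISO 8859-1 is assumed as the input encoding.

```c
#include <stdio.h>
#include <string.h>

#define CLIPBOARD_MAX 64 /* hypothetical clipboard capacity, small for the demo */
#define CHUNK_MAX 16     /* fixed stack buffer size, independent of input length */

/* Hypothetical stand-in for a bounded clipboard, not a guacamole-server type. */
typedef struct {
    char buffer[CLIPBOARD_MAX];
    int length;
} demo_clipboard;

/* Converts ISO 8859-1 input to UTF-8 and appends it to the clipboard through
 * a fixed-size stack chunk. Returns the number of bytes stored. */
int demo_append_latin1(demo_clipboard* clip, const char* data, int length) {
    if (clip == NULL || data == NULL || length <= 0)
        return 0; /* reject untrusted zero or negative lengths up front */
    const unsigned char* in = (const unsigned char*) data;
    const unsigned char* end = in + length;
    int before = clip->length;
    while (in < end) {
        char chunk[CHUNK_MAX];
        int room = CLIPBOARD_MAX - clip->length;
        int limit = room < CHUNK_MAX ? room : CHUNK_MAX;
        int used = 0;
        while (in < end) {
            int need = (*in < 0x80) ? 1 : 2; /* UTF-8 bytes for this character */
            if (used + need > limit)
                break; /* never split a character across the bound */
            if (need == 1) {
                chunk[used++] = (char) *in;
            } else {
                chunk[used++] = (char) (0xC0 | (*in >> 6));
                chunk[used++] = (char) (0x80 | (*in & 0x3F));
            }
            in++;
        }
        if (used == 0)
            break; /* clipboard full: remaining input is dropped */
        memcpy(clip->buffer + clip->length, chunk, (size_t) used);
        clip->length += used;
    }
    return clip->length - before;
}

int main(void) {
    demo_clipboard clip = { {0}, 0 };
    int stored = demo_append_latin1(&clip, "caf\xe9", 4); /* constructed input */
    printf("stored %d bytes\n", stored);
    return 0;
}
```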