On Mon, 25 Feb 2019 19:43:36 +0100, Ingo Schwarze wrote:

> Todd C. Miller wrote on Mon, Feb 25, 2019 at 09:45:12AM -0700:
>  
> > On Mon, 25 Feb 2019 12:39:41 +0100, Ingo Schwarze wrote:
>
> >> Index: line.c
> [...]
> >> @@ -469,11 +469,10 @@ in_ansi_esc_seq(void)
> >>     * Search backwards for either an ESC (which means we ARE in a seq);
> >>     * or an end char (which means we're NOT in a seq).
> >>     */
> >> -  for (p = &linebuf[curr]; p > linebuf; ) {
> >> -          LWCHAR ch = step_char(&p, -1, linebuf);
> >> -          if (IS_CSI_START(ch))
> >> +  for (p = linebuf + curr - 1; p >= linebuf; p--) {
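
Review bot: The initializer in the added for line, "p = linebuf + curr - 1", forms a pointer one element before linebuf when curr is 0, and the p-- step does the same after any iteration that runs with p == linebuf. C defines pointer arithmetic only within the array and one past its end, so both that arithmetic and the following "p >= linebuf" test are undefined there. Suggest keeping the pointer in range: start at linebuf + curr, loop while p > linebuf and decrement at the top of the body, or scan with an index instead of a pointer.
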
>
> > Since curr can be 0, can this lead to a single byte underflow?
>
> No, in that case (which logically means the line buffer is empty),
> the end condition p >= linebuf is false right away, the loop
> is never entered, the function returns 0 right away and at the
> call site, the first if branch (containing "curr--") isn't entered
> either.

Strictly speaking, the result of "p = linebuf + curr - 1" is undefined
when curr < 1.  There is a special case in the standard when the
result is one past the end of an array but no corresponding case
for one element before the array.  In practice, it is unlikely to
matter.

 - todd
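
Added example, not part of the thread and not code from less: a backward scan of the kind discussed above, written so that no pointer before the start of the buffer is ever formed. The names in_esc_seq, is_end_char and sample are hypothetical, and treating 'm' as the only end character is an assumption made for the example.

```c
#include <stddef.h>
#include <stdio.h>

#define ESC '\033'

/* Constructed sample line: "ab", a complete colour sequence, "red",
 * then an unfinished sequence at the end (15 bytes before the NUL). */
static const char sample[] = "ab\033[1;31mred\033[0";

/* Assumption: only SGR sequences (ESC [ ... m) are of interest,
 * so 'm' is the single end character. */
static int is_end_char(char c)
{
    return c == 'm';
}

/*
 * buf holds curr bytes.  Search backwards for either an ESC (we ARE in
 * a sequence) or an end char (we are NOT).  Returns 1 or 0.
 */
int in_esc_seq(const char *buf, size_t curr)
{
    /* buf + curr is at most one past the last byte, which C permits. */
    const char *p = buf + curr;

    /* Test first, decrement second: p never drops below buf, so the
     * curr == 0 case needs no special handling and no buf - 1 exists. */
    while (p > buf) {
        --p;
        if (*p == ESC)
            return 1;
        if (is_end_char(*p))
            return 0;
    }
    return 0;   /* reached the start of the line without finding either */
}

int main(void)
{
    size_t positions[] = { 0, 2, 3, 8, 9, 12, 15 };
    size_t i;

    for (i = 0; i < sizeof(positions) / sizeof(positions[0]); i++)
        printf("curr=%2zu in_seq=%d\n", positions[i],
            in_esc_seq(sample, positions[i]));
    return 0;
}
```
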
