vis

a vi-like editor based on Plan 9's structural regular expressions

git clone https://9o.is/git/vis.git

commit c065aea916e670169caffbbc4656944d0813aee3
parent 761d85fac716eb30ab434ecd5260fd21b5a93aff
Author: Marc André Tanner <mat@brain-dump.org>
Date:   Mon, 12 Mar 2018 00:03:52 +0100

view: fix buffer overflow when dealing with combining characters

The `cell.len` attribute refers to the number of bytes of the underlying
text which are represented by this cell. The actual NUL terminated data
being displayed can have a completely unrelated length.

For example a NUL byte has a `cell.len` of 1, but is displayed as
`cell.data = "^@"`.

Because we currently have a fixed cell capacity of 16 bytes (including
the terminating NUL byte) long sequences of combining characters won't
be displayed correctly.

See also #679

Diffstat:
M view.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/view.c b/view.c @@ -379,9 +379,12 @@ void view_draw(View *view) { cell.width = 1; } - if (cell.width == 0 && prev_cell.len + cell.len < sizeof(cell.data)) { + if (cell.width == 0) { + size_t n = strlen(prev_cell.data), i = 0; + while (cell.data[i] && n < sizeof(cell.data)-1) + prev_cell.data[n++] = cell.data[i++]; + prev_cell.data[n] = '\0'; prev_cell.len += cell.len; - strcat(prev_cell.data, cell.data); } else { if (prev_cell.len && !view_addch(view, &prev_cell)) break;
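Review bot: the new `while` loop in `view_draw` copies `cell.data` one byte at a time and stops as soon as `n` reaches `sizeof(cell.data)-1`, so a combining character encoded as several bytes can be cut partway through, leaving a partial sequence at the end of `prev_cell.data` while `prev_cell.len += cell.len` still counts the whole character. Consider appending only when the full string fits, for example by checking `strlen(cell.data) <= sizeof(prev_cell.data) - 1 - n` before the copy and skipping the append otherwise, so the displayed data always ends on a character boundary. The bound is also written against `sizeof(cell.data)` although the destination is `prev_cell.data`; using `sizeof(prev_cell.data)` would keep the check tied to the buffer actually being written. A short comment noting that `len` counts bytes of the underlying text and not bytes of `data` (as the commit message explains) would help prevent the old `prev_cell.len + cell.len < sizeof(cell.data)` style of check from being reintroduced.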