From 9a20db4b5257d56d2d6030a20ad42f5e0dc9f25b Mon Sep 17 00:00:00 2001 From: Robin Haberkorn Date: Mon, 28 Nov 2022 06:05:48 +0300 Subject: fixed a number of crashes due to empty string arguments or uninitialized registers * An empty but valid teco_string_t can contain NULL pointers. More precisely, a state's done_cb() can be invoked with such empty strings in case of empty string arguments. Also a registers get_string() can return the NULL pointer for existing registers with uninitialized string parts. * In all of these cases, the language should treat "uninitialized" strings exactly like empty strings. * Not doing so, resulted in a number of vulnerabilities. * EN$$ crashed if "_" was uninitialized * The ^E@q and ^ENq string building constructs would crash for existing but uninitialized registers q. * ?$ would crash * ESSETILEXER$$ would crash * This is now fixed. Test cases have been added. * I cannot guarantee that I have found all such cases. Generally, it might be wise to change our definitions and make sure that every teco_string_t must have an associated heap object to be valid. All functions returning pointer+length pairs should consequently also never return NULL pointers. --- src/qreg.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/qreg.c') diff --git a/src/qreg.c b/src/qreg.c index e07bf9e..ce545cc 100644 --- a/src/qreg.c +++ b/src/qreg.c @@ -490,6 +490,7 @@ teco_qreg_workingdir_set_string(teco_qreg_t *qreg, const gchar *str, gsize len, "Directory contains null-character"); return FALSE; } + g_assert(dir.data != NULL); int ret = g_chdir(dir.data); if (ret) { -- cgit v1.2.3