packages/git
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
git/backport-CVE-2022-41903-utf8-fix-returning-negative-string-width.patch
fly_fzc d11f2884e5 Fix CVE-2022-23521 CVE-2022-41903 
(cherry picked from commit df506cf2f7ba0d39fd1e45649c252bfd23fadd6e)
2023-01-28 10:25:57 +08:00

64 lines
2.2 KiB
Diff
Raw Blame History

From 17d23e8a3812a5ca3dd6564e74d5250f22e5d76d Mon Sep 17 00:00:00 2001
From: Patrick Steinhardt <ps@pks.im>
Date: Thu, 1 Dec 2022 15:47:00 +0100
Subject: [PATCH] utf8: fix returning negative string width
The `utf8_strnwidth()` function calls `utf8_width()` in a loop and adds
its returned width to the end result. `utf8_width()` can return `-1`
though in case it reads a control character, which means that the
computed string width is going to be wrong. In the worst case where
there are more control characters than non-control characters, we may
even return a negative string width.
Fix this bug by treating control characters as having zero width.
Signed-off-by: Patrick Steinhardt <ps@pks.im>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---
t/t4205-log-pretty-formats.sh | 6 ++++++
utf8.c | 8 ++++++--
2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh
index c88b64d08b..e3905baa3c 100755
--- a/t/t4205-log-pretty-formats.sh
+++ b/t/t4205-log-pretty-formats.sh
@@ -899,6 +899,12 @@ test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping dire
test_cmp expect error
'
+test_expect_success 'log --pretty with padding and preceding control chars' '
+ printf "\20\20 0" >expect &&
+ git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual &&
+ test_cmp expect actual
+'
+
test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' '
# We only assert that this command does not crash. This needs to be
# executed with the address sanitizer to demonstrate failure.
diff --git a/utf8.c b/utf8.c
index 504e517c34..6a21fd6a7b 100644
--- a/utf8.c
+++ b/utf8.c
@@ -212,11 +212,15 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi)
const char *orig = string;
while (string && string < orig + len) {
- int skip;
+ int glyph_width, skip;
+
while (skip_ansi &&
(skip = display_mode_esc_sequence_len(string)) != 0)
string += skip;
- width += utf8_width(&string, NULL);
+
+ glyph_width = utf8_width(&string, NULL);
+ if (glyph_width > 0)
+ width += glyph_width;
}
return string ? width : len;
}
--
2.27.0
Reference in New Issue View Git Blame Copy Permalink