File xterm-CVE-2021-27135.patch of Package xterm.26531
Index: xterm-330/button.c
===================================================================
--- xterm-330.orig/button.c
+++ xterm-330/button.c
@@ -3798,6 +3798,7 @@ SaltTextAway(XtermWidget xw,
TScreen *screen = TScreenOf(xw);
int i, j = 0;
int eol;
+ size_t have = 0;
Char *line;
Char *lp;
CELL first = *cellc;
@@ -3823,7 +3824,11 @@ SaltTextAway(XtermWidget xw,
/* UTF-8 may require more space */
if_OPT_WIDE_CHARS(screen, {
- j *= 4;
+ if (j > 0) {
+ if (screen->max_combining > 0)
+ j += screen->max_combining;
+ j *= 6;
+ }
});
/* now get some memory to save it in */
@@ -3860,10 +3865,25 @@ SaltTextAway(XtermWidget xw,
}
*lp = '\0'; /* make sure we have end marked */
- TRACE(("Salted TEXT:%d:%s\n", (int) (lp - line),
- visibleChars(line, (unsigned) (lp - line))));
-
- screen->selection_length = (unsigned long) (lp - line);
+ have = (size_t) (lp - line);
+ /*
+ * Scanning the buffer twice is unnecessary. Discard unwanted memory if
+ * the estimate is too-far off.
+ */
+ if ((have * 2) < (size_t) j) {
+ Char *next;
+ screen->selection_size = have + 1;
+ next = realloc(line, screen->selection_size);
+ if (next == NULL) {
+ free(line);
+ screen->selection_length = 0;
+ screen->selection_size = 0;
+ }
+ screen->selection_data = next;
+ }
+ screen->selection_length = have;
+ TRACE(("Salted TEXT:%d:%s\n", (int) have,
+ visibleChars(screen->selection_data, (unsigned int) have)));
}
#if OPT_PASTE64