File ncurses-6.1-bsc1220061.patch of Package ncurses.35592
From ncurses-6.4-20230615.patch
improve checks in convert_string() for corrupt terminfo entry
---
ncurses/tinfo/read_entry.c | 67 ++++++++++++++++++++++++++++++---------------
1 file changed, 46 insertions(+), 21 deletions(-)
--- ncurses/tinfo/read_entry.c
+++ ncurses/tinfo/read_entry.c 2024-02-19 10:10:00.838226984 +0000
@@ -139,12 +139,13 @@ convert_16bits(char *buf, NCURSES_INT2 *
}
#endif
-static void
-convert_strings(char *buf, char **Strings, int count, int size, char *table)
+static bool
+convert_strings(char *buf, char **Strings, int count, int size,
+ char *table, bool always)
{
int i;
char *p;
- bool corrupt = FALSE;
+ bool success = TRUE;
for (i = 0; i < count; i++) {
if (IS_NEG1(buf + 2 * i)) {
@@ -160,26 +161,38 @@ convert_strings(char *buf, char **String
TR(TRACE_DATABASE, ("Strings[%d] = %s", i,
_nc_visbuf(Strings[i])));
} else {
- if (!corrupt) {
- corrupt = TRUE;
- TR(TRACE_DATABASE,
- ("ignore out-of-range index %d to Strings[]", nn));
- _nc_warning("corrupt data found in convert_strings");
- }
- Strings[i] = ABSENT_STRING;
+ TR(TRACE_DATABASE,
+ ("found out-of-range index %d to Strings[%d]", nn, i));
+ success = FALSE;
+ break;
}
}
/* make sure all strings are NUL terminated */
if (VALID_STRING(Strings[i])) {
- for (p = Strings[i]; p <= table + size; p++)
+ for (p = Strings[i]; p < table + size; p++)
if (*p == '\0')
break;
/* if there is no NUL, ignore the string */
- if (p > table + size)
+ if (p >= table + size) {
Strings[i] = ABSENT_STRING;
+ } else if (p == Strings[i] && always) {
+ TR(TRACE_DATABASE,
+ ("found empty but required Strings[%d]", i));
+ success = FALSE;
+ break;
+ }
+ } else if (always) { /* names are always needed */
+ TR(TRACE_DATABASE,
+ ("found invalid but required Strings[%d]", i));
+ success = FALSE;
+ break;
}
}
+ if (!success) {
+ _nc_warning("corrupt data found in convert_strings");
+ }
+ return success;
}
static int
@@ -380,7 +393,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
if (Read(string_table, (unsigned) str_size) != str_size) {
returnDB(TGETENT_NO);
}
- convert_strings(buf, ptr->Strings, str_count, str_size, string_table);
+ if (!convert_strings(buf, ptr->Strings, str_count, str_size,
+ string_table, FALSE)) {
+ returnDB(TGETENT_NO);
+ }
}
#if NCURSES_XNAMES
@@ -472,8 +488,10 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
TR(TRACE_DATABASE,
("Before computing extended-string capabilities str_count=%d, ext_str_count=%d",
str_count, ext_str_count));
- convert_strings(buf, ptr->Strings + str_count, ext_str_count,
- ext_str_limit, ptr->ext_str_table);
+ if (!convert_strings(buf, ptr->Strings + str_count, ext_str_count,
+ ext_str_limit, ptr->ext_str_table, FALSE)) {
+ returnDB(TGETENT_NO);
+ }
for (i = ext_str_count - 1; i >= 0; i--) {
TR(TRACE_DATABASE, ("MOVE from [%d:%d] %s",
i, i + str_count,
@@ -497,10 +515,13 @@ _nc_read_termtype(TERMTYPE2 *ptr, char *
TR(TRACE_DATABASE,
("ext_NAMES starting @%d in extended_strings, first = %s",
base, _nc_visbuf(ptr->ext_str_table + base)));
- convert_strings(buf + (2 * ext_str_count),
- ptr->ext_Names,
- (int) need,
- ext_str_limit, ptr->ext_str_table + base);
+ if (!convert_strings(buf + (2 * ext_str_count),
+ ptr->ext_Names,
+ (int) need,
+ ext_str_limit, ptr->ext_str_table + base,
+ TRUE)) {
+ returnDB(TGETENT_NO);
+ }
}
TR(TRACE_DATABASE,
