[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


From: Igor Bogomazov
Subject: wadd_wchnstr
Date: Sat, 11 Mar 2006 15:33:51 +0300
User-agent: Mutt/1.5.11+cvs20060126

This is a loop condition of waddnwstr [lib_addstr.c: 230]:

((n-- > 0) && (*str != L('\0')))

All right. The L'\0' checking is here.

This is a loop condition of wadd_wchnstr [lib_addstr.c: 178]:

(i < n && x <= win->_maxx)

It causes reading beyond of the astr bounds when n == INT_MAX and string length
less then window width. (if n == -1 it's OK)

(x + len - 1 <= win->_maxx) will point to the character position just before
L'\0', meantime astr[i] == L'\0' and loop will not break.

I did not tested but suppose waddchnstr has the same problem.

Best regards,

Bogomazov Igor

reply via email to

[Prev in Thread] Current Thread [Next in Thread]