[PATCH 0/1] MR8543: cmd: Fix out-of-bound access when handling tilde modifiers.
wcschr(str, 0) returns the end of the string, not NULL. -- https://gitlab.winehq.org/wine/wine/-/merge_requests/8543
From: Yuxuan Shui <yshui(a)codeweavers.com> wcschr(str, 0) returns the end of the string, not NULL. --- programs/cmd/batch.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/programs/cmd/batch.c b/programs/cmd/batch.c index 28ecf917ed3..c5a0763c81f 100644 --- a/programs/cmd/batch.c +++ b/programs/cmd/batch.c @@ -387,7 +387,7 @@ void WCMD_HandleTildeModifiers(WCHAR **start, BOOL atExecute) BOOL doneModifier = FALSE; /* Search forwards until find invalid character modifier */ - for (; wcschr(validmodifiers, towlower(*lastModifier)); lastModifier = pos++) { + for (; *lastModifier && wcschr(validmodifiers, towlower(*lastModifier)); lastModifier = pos++) { /* Special case '$' to skip until : found */ if (*lastModifier == L'$') { if (!(pos = wcschr(pos, L':'))) return; /* Invalid syntax */ -- GitLab https://gitlab.winehq.org/wine/wine/-/merge_requests/8543
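Review bot: The new `*lastModifier &&` guard in the loop condition of WCMD_HandleTildeModifiers fixes the overrun, but the reason for it is not obvious at the call site and is recorded only in the commit message. A short comment there would help, saying that `wcschr(validmodifiers, 0)` matches the terminator of `validmodifiers` and so returns non-NULL, which lets the scan continue past the end of the input. The diffstat shows only programs/cmd/batch.c changed; a regression test in which the tilde modifiers run up to the end of the string would keep this from coming back.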
LGTM two possible changes:

* while rewriting code in cmd.exe, we tend to use 4 space indentation, and have opening curly brackets alone on their lines
* for readability, we could not use 'pos' in the loop and do something like

```
/* Search forwards until find invalid character modifier */
for (lastModifier = firstModifier; *lastModifier && wcschr(validmodifiers, towlower(*lastModifier)); lastModifier++)
{
    /* Special case '$' to skip until : found */
    if (*lastModifier == L'$' && !(lastModifier = wcschr(lastModifier + 1, L':')))
        return; /* Invalid syntax */
}
```

anyway, this function will need some care (and reading the code, I really wonder if it always does what it's supposed to do, but more tests are needed, and this goes way beyond the aim of this MR)

-- https://gitlab.winehq.org/wine/wine/-/merge_requests/8543#note_109658
participants (3)
- eric pouech (@epo)
- Yuxuan Shui
- Yuxuan Shui (@yshui)