Patrick Williams | 841583d | 2023-05-03 21:37:45 -0500 | [diff] [blame^] | 1 | From 17d23e8a3812a5ca3dd6564e74d5250f22e5d76d Mon Sep 17 00:00:00 2001 |
| 2 | From: Patrick Steinhardt <ps@pks.im> |
| 3 | Date: Thu, 1 Dec 2022 15:47:00 +0100 |
| 4 | Subject: [PATCH 08/12] utf8: fix returning negative string width |
| 5 | |
| 6 | The `utf8_strnwidth()` function calls `utf8_width()` in a loop and adds |
| 7 | its returned width to the end result. `utf8_width()` can return `-1` |
| 8 | though in case it reads a control character, which means that the |
| 9 | computed string width is going to be wrong. In the worst case where |
| 10 | there are more control characters than non-control characters, we may |
| 11 | even return a negative string width. |
| 12 | |
| 13 | Fix this bug by treating control characters as having zero width. |
| 14 | |
| 15 | Signed-off-by: Patrick Steinhardt <ps@pks.im> |
| 16 | Signed-off-by: Junio C Hamano <gitster@pobox.com> |
| 17 | |
| 18 | Upstream-Status: Backport [https://github.com/git/git/commit/17d23e8a3812a5ca3dd6564e74d5250f22e5d76d] |
| 19 | CVE: CVE-2022-41903 |
| 20 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> |
| 21 | --- |
| 22 | t/t4205-log-pretty-formats.sh | 6 ++++++ |
| 23 | utf8.c | 8 ++++++-- |
| 24 | 2 files changed, 12 insertions(+), 2 deletions(-) |
| 25 | |
| 26 | diff --git a/t/t4205-log-pretty-formats.sh b/t/t4205-log-pretty-formats.sh |
| 27 | index 23ac508..261a6f0 100755 |
| 28 | --- a/t/t4205-log-pretty-formats.sh |
| 29 | +++ b/t/t4205-log-pretty-formats.sh |
| 30 | @@ -820,6 +820,12 @@ test_expect_success SIZE_T_IS_64BIT 'log --pretty with overflowing wrapping dire |
| 31 | test_cmp expect error |
| 32 | ' |
| 33 | |
| 34 | +test_expect_success 'log --pretty with padding and preceding control chars' ' |
| 35 | + printf "\20\20 0" >expect && |
| 36 | + git log -1 --pretty="format:%x10%x10%>|(4)%x30" >actual && |
| 37 | + test_cmp expect actual |
| 38 | +' |
| 39 | + |
| 40 | test_expect_success EXPENSIVE,SIZE_T_IS_64BIT 'log --pretty with huge commit message' ' |
| 41 | # We only assert that this command does not crash. This needs to be |
| 42 | # executed with the address sanitizer to demonstrate failure. |
| 43 | diff --git a/utf8.c b/utf8.c |
| 44 | index a66984b..6632bd2 100644 |
| 45 | --- a/utf8.c |
| 46 | +++ b/utf8.c |
| 47 | @@ -212,11 +212,15 @@ int utf8_strnwidth(const char *string, size_t len, int skip_ansi) |
| 48 | const char *orig = string; |
| 49 | |
| 50 | while (string && string < orig + len) { |
| 51 | - int skip; |
| 52 | + int glyph_width, skip; |
| 53 | + |
| 54 | while (skip_ansi && |
| 55 | (skip = display_mode_esc_sequence_len(string)) != 0) |
| 56 | string += skip; |
| 57 | - width += utf8_width(&string, NULL); |
| 58 | + |
| 59 | + glyph_width = utf8_width(&string, NULL); |
| 60 | + if (glyph_width > 0) |
| 61 | + width += glyph_width; |
| 62 | } |
| 63 | return string ? width : len; |
| 64 | } |
| 65 | -- |
| 66 | 2.25.1 |
| 67 | |