From: Grant Erickson <gerickson@nuovations.com>
To: ell@lists.linux.dev
Cc: Marcel Holtmann <marcel@holtmann.org>
Subject: [RFC PATCH v5] edit: improve error handling of 'mbstowcs' and 'wcstombs' functions.
Date: Thu,  4 Apr 2024 17:20:11 -0700	[thread overview]
Message-ID: <20240405002011.3480886-9-gerickson@nuovations.com> (raw)
In-Reply-To: <20240405002011.3480886-1-gerickson@nuovations.com>

On error, the 'mbstowcs' and 'wcstombs' functions could return
'SIZE_MAX' when encountering unconvertible character sequences.

Ensure that such errors are not obscured and are passed along to the
caller.
---
 ell/edit.c | 53 ++++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 44 insertions(+), 9 deletions(-)

diff --git a/ell/edit.c b/ell/edit.c
index 6747f92e289e..5551ae52bfdb 100644
--- a/ell/edit.c
+++ b/ell/edit.c
@@ -104,10 +104,16 @@ static void reset_input_buf(struct input_buf *buf, const char *input)
 	if (input) {
 		size_t len;
 
-		/* Calculate the required size of the wide character string
-		 * including its terminating null character.
+		/* Calculate the required size of the wide character string.
 		 */
-		len = mbstowcs(NULL, input, 0) + 1;
+		len = mbstowcs(NULL, input, 0);
+		if (len == SIZE_MAX)
+			return;
+
+		/* Increase the size of the wide character string by one to
+		 * cover its terminating null character.
+		 */
+		len += 1;
 
 		/* If the current buffer is to small, then allocate a new
 		 * one and free the previous one. Since in most cases the
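Review bot: The early `return` on `len == SIZE_MAX` is silent, which does not match the commit message's "passed along to the caller". `reset_input_buf` returns `void`, so the caller cannot tell that `input` was rejected, and `buf` keeps whatever it held before. Consider returning `int` (for example `-EILSEQ`, as `l_edit_enter` does in this patch), or at least resetting `buf` to the empty state before returning. The function body continues outside this hunk, so how callers would react is not visible here.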
@@ -125,6 +131,9 @@ static void reset_input_buf(struct input_buf *buf, const char *input)
 		 * and then move the cursor to the end.
 		 */
 		buf->len = mbstowcs(buf->buf, input, buf->size);
+		if (buf->len == SIZE_MAX)
+			return;
+
 		buf->pos = buf->len;
 	} else {
 		/* Reset the main item to an empty string */
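Review bot: `buf->len` is assigned the raw `mbstowcs` result before the check, so on failure the function returns with `buf->len == SIZE_MAX` and a stale `buf->pos`. Any later code that uses `buf->len` as a length or index into `buf->buf` would then run far out of bounds. Convert into a local and commit only on success: `size_t n = mbstowcs(buf->buf, input, buf->size);`, then `if (n == SIZE_MAX) { buf->buf[0] = L'\0'; buf->len = buf->pos = 0; return; }`, then `buf->len = n;`. The sizing call in the previous hunk already rejects the same input, so this path should be rare, but the buffer state should stay consistent if it is ever reached.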
@@ -197,6 +206,7 @@ static void update_debug(struct l_edit *edit)
 	struct l_string *str;
 	char *tmp;
 	size_t len;
+    size_t status;
 	unsigned int pos = 0;
 
 	if (!edit->debug_handler)
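Review bot: The new declaration `size_t status;` is indented with four spaces while every neighbouring declaration uses a tab; it should be tab-indented like the rest. Since `status` is only compared once inside the loop, it could also be dropped in favour of testing the `wcstombs` call directly, as `l_edit_enter` does in this same patch. `update_debug` continues outside this hunk.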
@@ -218,9 +228,14 @@ static void update_debug(struct l_edit *edit)
 
 	buf = edit->head;
 	while (buf) {
-		len = wcstombs(NULL, buf->buf, 0) + 1;
+		len = wcstombs(NULL, buf->buf, 0);
+		if (len == SIZE_MAX)
+			return;
+		len += 1;
 		tmp = l_malloc(len);
-		wcstombs(tmp, buf->buf, len);
+		status = wcstombs(tmp, buf->buf, len);
+		if (status == SIZE_MAX)
+			return;
 		l_string_append_printf(str, "%3u %s\n", pos, tmp);
 		l_free(tmp);
 		pos++;
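Review bot: The second early `return`, after `status = wcstombs(tmp, buf->buf, len)`, skips the `l_free(tmp)` two lines below, so `tmp` leaks on that path. `l_edit_history_save` in this patch frees it before returning; here it should be `if (status == SIZE_MAX) { l_free(tmp); return; }`. Both returns also leave the loop without reaching whatever releases `str` afterwards. That code is outside the hunk, so please confirm `str` is not leaked as well; a `break` into the common exit path may be simpler than returning.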
@@ -415,9 +430,18 @@ LIB_EXPORT int l_edit_enter(struct l_edit *edit, char **line)
 	/* Convert the wide character string into the multibyte string
 	 * representation like UTF-8 for example.
 	 */
-	len = wcstombs(NULL, edit->main->buf, 0) + 1;
+	len = wcstombs(NULL, edit->main->buf, 0);
+	if (len == SIZE_MAX)
+		return -EILSEQ;
+
+	len += 1;
+
 	str = l_malloc(len);
-	wcstombs(str, edit->main->buf, len);
+	if (!str)
+		return -ENOMEM;
+
+	if (wcstombs(str, edit->main->buf, len) == SIZE_MAX)
+		return -EILSEQ;
 
 	if (edit->main->len > 0) {
 		/* If the current entered item is different from the first
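Review bot: When the second `wcstombs` call fails, `return -EILSEQ` leaves `str` allocated. Free it first: `if (wcstombs(str, edit->main->buf, len) == SIZE_MAX) { l_free(str); return -EILSEQ; }`. The `if (!str) return -ENOMEM;` check is inconsistent with the other hunks of this patch, which use the `l_malloc` result unchecked. If `l_malloc` aborts on allocation failure, as I believe it does in ell, that check is dead code and can be removed. The function body continues outside this hunk.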
@@ -775,10 +799,21 @@ LIB_EXPORT int l_edit_history_save(struct l_edit *edit, const char *pathname)
 	while (buf) {
 		char *tmp;
 		size_t len;
+		size_t status;
 
-		len = wcstombs(NULL, buf->buf, 0) + 1;
+		len = wcstombs(NULL, buf->buf, 0);
+		if (len == SIZE_MAX) {
+			close(fd);
+			return -EILSEQ;
+		}
+		len += 1;
 		tmp = l_malloc(len);
-		wcstombs(tmp, buf->buf, len);
+		status = wcstombs(tmp, buf->buf, len);
+		if (status == SIZE_MAX) {
+			l_free(tmp);
+			close(fd);
+			return -EILSEQ;
+		}
 		dprintf(fd, "%s\n", tmp);
 		l_free(tmp);
 
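Review bot: Returning `-EILSEQ` from inside the loop abandons the save after earlier entries have already been written with `dprintf`, so the caller gets an error and a file holding only part of the history. If that is not intended, either skip the unconvertible entry and continue, or convert every entry before anything is written. The two error paths also repeat `close(fd)`; a single `goto`-style exit label would keep the cleanup in one place. How `fd` is opened, and how it is closed on success, is outside this hunk.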
-- 
2.42.0

