authorantirez <antirez@gmail.com>2020-07-02 16:44:48 +0200
committerantirez <antirez@gmail.com>2020-07-02 16:44:48 +0200
commit7709a04ae8520c5b04d261616098cebf742f5a23 (patch)
treef6c3154097ca9aa7f1cf55246f541c9d3a2d44b4
parent0099562d0e79aea0c6deedfa1ee0ef4a3a8883b7 (diff)
Fix integer overflow in row allocation. #60.
-rw-r--r--kilo.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/kilo.c b/kilo.c
index d293210..8729852 100644
--- a/kilo.c
+++ b/kilo.c
@@ -553,7 +553,8 @@ void editorSelectSyntaxHighlight(char *filename) {
/* Update the rendered version and the syntax highlight of a row. */
void editorUpdateRow(erow *row) {
- int tabs = 0, nonprint = 0, j, idx;
+ unsigned int tabs = 0, nonprint = 0;
+ int j, idx;
/* Create a version of the row we can directly print on the screen,
* respecting tabs, substituting non printable characters with '?'. */
@@ -561,6 +562,13 @@ void editorUpdateRow(erow *row) {
for (j = 0; j < row->size; j++)
if (row->chars[j] == TAB) tabs++;
+ unsigned long long allocsize =
+ (unsigned long long) row->size + tabs*8 + nonprint*9 + 1;
+ if (allocsize > UINT32_MAX) {
+ printf("Some line of the edited file is too long for kilo\n");
+ exit(1);
+ }
+
row->render = malloc(row->size + tabs*8 + nonprint*9 + 1);
idx = 0;
for (j = 0; j < row->size; j++) {
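Review bot: The new overflow check can still be bypassed, because in `(unsigned long long) row->size + tabs*8 + nonprint*9 + 1` the cast binds only to `row->size`, so `tabs*8` and `nonprint*9` are evaluated in 32-bit `unsigned int` (the type chosen in the first hunk) and wrap before they are widened. A row with a very large number of tabs can therefore give a small `allocsize` that passes the `UINT32_MAX` test, while the render loop that starts on the hunk's last line presumably writes more than was allocated. Widen the operands, `(unsigned long long) row->size + 8ULL*tabs + 9ULL*nonprint + 1;`, and allocate from the checked value, `row->render = malloc(allocsize);`, so the check and the allocation cannot disagree; the `malloc` result is also not tested for NULL in the lines shown. `editorUpdateRow` continues past the end of the hunk, so it should be confirmed there whether `idx`, still an `int`, can index a buffer approaching the 4 GiB limit the check allows.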