about summary refs log tree commit diff
diff options
context:
space:
mode:
authorAndrey Borzenkov <bor@users.sourceforge.net>2005-08-18 18:15:44 +0000
committerAndrey Borzenkov <bor@users.sourceforge.net>2005-08-18 18:15:44 +0000
commitc26b8accb4b242991e4aae444a6799576a36783d (patch)
tree54f7b4e2fbafe0617de46a9b53963c0455ef9b7d
parent2396eb34e4d5834a9ef87d08d3f4161d0d84dc1a (diff)
downloadzsh-c26b8accb4b242991e4aae444a6799576a36783d.tar.gz
zsh-c26b8accb4b242991e4aae444a6799576a36783d.tar.xz
zsh-c26b8accb4b242991e4aae444a6799576a36783d.zip
21663: check for string overflow
-rw-r--r--ChangeLog5
-rw-r--r--Src/Zle/complete.c9
2 files changed, 10 insertions, 4 deletions
diff --git a/ChangeLog b/ChangeLog
index 656aa40f2..8db9a7d6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2005-08-18  Andrey Borzenkov  <bor@zsh.org>
+
+	* 21663: Src/Zle/complete.c: check for string overflow
+	in do_comp_vars()
+
 2005-08-18  Peter Stephenson  <pws@csr.com>
 
 	* unposted: Doc/Zsh/contrib.yo, Functions/Zle/insert-unicode-char:
diff --git a/Src/Zle/complete.c b/Src/Zle/complete.c
index b8db18b1f..e246e2b8a 100644
--- a/Src/Zle/complete.c
+++ b/Src/Zle/complete.c
@@ -821,6 +821,8 @@ do_comp_vars(int test, int na, char *sa, int nb, char *sb, int mod)
 		    add = -1;
 		} else {
 		    p = compprefix + 1 + (*compprefix == Meta);
+		    if (p > compprefix + l)
+			p = compprefix + l;
 		    add = 1;
 		}
 		for (;;) {
@@ -833,10 +835,9 @@ do_comp_vars(int test, int na, char *sa, int nb, char *sb, int mod)
 		    if (add > 0) {
 			if (p == compprefix + l)
 			    return 0;
-			if (*p == Meta)
-			    p += 2;
-			else
-			    p++;
+			p = p + 1 + (*p == Meta);
+			if (p > compprefix + l)
+			    p = compprefix + l;
 		    } else {
 			if (p == compprefix)
 			    return 0;