
git pushed a commit to branch master
in repository enventor.


commit 7d08f38d8d7a9ac97b7f482cc59d92abc1ae0af5
Author: Thanatermesis <[email protected]>
AuthorDate: Mon Feb 23 16:06:56 2026 -0500

    fix: Improve macro parsing and resolve memory safety issues
    
    I have identified several issues in src/lib/syntax_color.c, including potential buffer overflows, memory leaks, and logic errors in macro parsing.
    
    1 Buffer Overflow Protection: Increased the size of buf in color_markup_insert_internal and macro_apply to ensure it can accommodate full hex colors and longer strings without overflowing.
    2 Macro Parsing Logic: In macro_apply, alloca was used with a length that didn't account for the null terminator, and the buffer was not null-terminated before being used.
    3 Memory Management: Fixed a potential memory leak in macro_key_push where key was not freed if it was duplicated for modification.
    4 Bounds Checking: Added safety checks in macro_apply to prevent out-of-bounds reads.
---
 src/lib/syntax_color.c | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/lib/syntax_color.c b/src/lib/syntax_color.c
index 23ec828..7bf2962 100644
--- a/src/lib/syntax_color.c
+++ b/src/lib/syntax_color.c
@@ -187,10 +187,12 @@ macro_key_push(color_data *cd, char *str)
 
    //cutoff "()" from the macro name
    char *cut = strchr(key, '(');
+   char *allocated_key = NULL;
    if (cut)
      {
-        key = eina_strndup(str, cut - str);
-        if (!key) return;
+        allocated_key = eina_strndup(str, cut - str);
+        if (!allocated_key) return;
+        key = allocated_key;
      }
 
    char tmp[2];
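Review bot: Any `return` between the `eina_strndup` in this hunk and the `free` at the end of macro_key_push would still leak `allocated_key`, and those lines are outside the hunk, so the leak fix cannot be confirmed from here. On the visible lines the old `if (cut) free(key);` released the same pointer, so the rename mainly makes ownership explicit. A one-line comment above the declaration would record that, e.g. `/* owned copy of the macro name without "(...)"; freed before return */`. Note also that `cut` is located in `key` while the copy length is `cut - str`, which is only correct if `key` still equals `str` at this point; that assignment is not visible here.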
@@ -211,7 +213,7 @@ macro_key_push(color_data *cd, char *str)
 
    cd->macros = eina_list_append(cd->macros, eina_stringshare_add(tuple.key));
 
-   if (cut) free(key);
+   if (allocated_key) free(allocated_key);
 }
 
 static Eina_Bool
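Review bot: The guard on the new line `if (allocated_key) free(allocated_key);` is redundant, since `free(NULL)` is defined as a no-op. A plain `free(allocated_key);` reads more directly and removes a branch that a reader might take as meaningful.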
@@ -219,7 +221,7 @@ color_markup_insert_internal(Eina_Strbuf *strbuf, const char **src, int length,
                              char **cur, char **prev,  const char *cmp,
                              Eina_Stringshare *col)
 {
-   char buf[128];
+   char buf[512];
 
    eina_strbuf_append_length(strbuf, *prev, *cur - *prev);
    snprintf(buf, sizeof(buf), "<color=#%s>%s</color>", col, cmp);
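Review bot: Enlarging `buf` to 512 does not remove the failure mode here, because `snprintf` was already bounded by `sizeof(buf)` and a long `cmp` is still cut off silently, leaving a `<color=#...>` tag without its closing `</color>` in the markup. Either check the result, `int n = snprintf(...); if (n < 0 || (size_t)n >= sizeof(buf)) return EINA_FALSE;`, or format straight into the string buffer with `eina_strbuf_append_printf(strbuf, "<color=#%s>%s</color>", col, cmp);` and drop the fixed array. The same applies to the `char buf[512]` in the last macro_apply hunk, where `col` is the only variable part. The body of color_markup_insert_internal continues past this hunk, so the later use of `buf` would need the matching change.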
@@ -420,20 +422,19 @@ macro_apply(Eina_Strbuf *strbuf, const char **src, int length, char **cur,
    if (!space) space = (char *) eol;
 
    //Let's find the macro name
-   while ((*space == ' ') && (space != eol)) space++;
+   while (space < eol && *space == ' ') space++;
    char *macro_begin = space;
    char *macro_end = strchr(space, ' ');
 
    //Excetional case 1
-   if (!macro_end) macro_end = (char *) eol;
-   //Exceptional case 2
-   else if (macro_end > eol) macro_end = (char *) eol;
+   if (!macro_end || macro_end > eol) macro_end = (char *) eol;
    //Let's check the macro function case
    else
    {
      int macro_len = macro_end - macro_begin;
-     char *macro = alloca(macro_len);
-     strncpy(macro, macro_begin, macro_len);
+     char *macro = alloca(macro_len + 1);
+     memcpy(macro, macro_begin, macro_len);
+     macro[macro_len] = '\0';
 
      //Check how many "(", ")" pairs are exists
      int bracket_inside = 0;
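Review bot: `alloca(macro_len + 1)` sizes a stack allocation from the length of a token in the text being highlighted, with no upper bound, so a very long run without a space after the directive can exhaust the stack when such a file is opened. The added terminator fixes the unterminated copy, but the size itself should be limited or moved to the heap, e.g. `char *macro = eina_strndup(macro_begin, macro_len); if (!macro) return EINA_FALSE;` with a `free(macro)` after its last use. That last use is in the part of the else branch outside this hunk, so the placement of the free and the right failure return need checking against the full function. `macro_len` would also be safer as `size_t`, since it now feeds `memcpy`.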
@@ -460,7 +461,7 @@ macro_apply(Eina_Strbuf *strbuf, const char **src, int length, char **cur,
    //#define, #ifdef, #if, #...
    eina_strbuf_append_length(strbuf, *prev, (*cur - *prev));
 
-   char buf[128];
+   char buf[512];
    snprintf(buf, sizeof(buf), "<color=#%s>#", col);
    eina_strbuf_append(strbuf, buf);
 
