From 3665541dac1479a83edae016aa1053ac7be162ba Mon Sep 17 00:00:00 2001 From: NRK Date: Tue, 21 Nov 2023 19:30:40 +0600 Subject: [PATCH 1/2] fix buffer overflow on certain platforms the size of g_buf depends on PATH_MAX and NAME_MAX which on certain platforms (such as mac) might not be big enough to decode the help string. use an explicit buffer with proper size instead. Closes: https://github.com/jarun/nnn/issues/1768 --- src/nnn.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/nnn.c b/src/nnn.c index 5920797f..15b221d8 100644 --- a/src/nnn.c +++ b/src/nnn.c @@ -5160,6 +5160,7 @@ static void show_help(const char *path) "cT Set time type%110 Lock\n" "b^L Redraw%18? Help, conf\n" }; + char help_buf[1<<11]; // if editing helpstr, ensure this has enough space to decode it int fd = create_tmp_file(); if (fd == -1) @@ -5170,7 +5171,7 @@ static void show_help(const char *path) get_output(prog, NULL, NULL, fd, FALSE); bool hex = true; - char *w = g_buf; + char *w = help_buf; const char *end = helpstr + (sizeof helpstr - 1); for (const char *s = helpstr; s < end; ++s) { if (hex) { @@ -5184,7 +5185,7 @@ static void show_help(const char *path) } hex = *s == '\n'; } - if (write(fd, g_buf, w - g_buf)) {} // silence warning + if (write(fd, help_buf, w - help_buf)) {} // silence warning dprintf(fd, "\nLOCATIONS\n"); for (uchar_t i = 0; i < CTX_MAX; ++i) From 60eabb6170c4dda86a92047af9e4034ac66b5b16 Mon Sep 17 00:00:00 2001 From: NRK Date: Tue, 21 Nov 2023 20:50:45 +0600 Subject: [PATCH 2/2] silence ci warning --- src/nnn.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/nnn.c b/src/nnn.c index 15b221d8..d8e33260 100644 --- a/src/nnn.c +++ b/src/nnn.c @@ -5185,7 +5185,8 @@ static void show_help(const char *path) } hex = *s == '\n'; } - if (write(fd, help_buf, w - help_buf)) {} // silence warning + ssize_t res = write(fd, help_buf, w - help_buf); + (void)res; // silence warning dprintf(fd, "\nLOCATIONS\n"); for (uchar_t i = 0; i < CTX_MAX; ++i)