Fix buffer overflow with invalid quotes (#209)

A follow-up commit to 6f49ad0. The quotes can have their upper bits set in which case more than just two digits are printed, eventually overflowing the allocated memory. How to reproduce: less --quotes=$(echo -e '\xff\xff') -f /dev/null Then enter "-T x" to trigger lglob function
gwsw · Sep 30, 2021 · 426fd42 · 426fd42
1 parent d0b44fa
commit 426fd42
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/filename.c b/filename.c
@@ -757,7 +757,8 @@ lglob(filename)
  */
  len = (int) (strlen(lessecho) + strlen(filename) + (7*strlen(metachars())) + 24);
  cmd = (char *) ecalloc(len, sizeof(char));
- SNPRINTF4(cmd, len, "%s -p0x%x -d0x%x -e%s ", lessecho, openquote, closequote, esc);
+ SNPRINTF4(cmd, len, "%s -p0x%x -d0x%x -e%s ", lessecho,
+ (unsigned char) openquote, (unsigned char) closequote, esc);
  free(esc);
  for (s = metachars(); *s != '\0'; s++)
  sprintf(cmd + strlen(cmd), "-n0x%x ", (unsigned char) *s);