From 73d7b9d7753d35c63f24defe6d26c7c06ffa3cce Mon Sep 17 00:00:00 2001
From: Joseph Bisch
Date: Mon, 16 Oct 2017 16:21:10 -0400
Subject: [PATCH 1/3] Don't proceed with cmd_msg if there was an error splitting msg

There may be cases (such as if target or server->nick is very long) where the split_message function returns NULL, indicating an error. To avoid a potential segfault, we now check to see if splitmsgs is NULL.
---
 src/core/chat-commands.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/core/chat-commands.c b/src/core/chat-commands.c
index d5a133f8..77f02aa2 100644
--- a/src/core/chat-commands.c
+++ b/src/core/chat-commands.c
@@ -404,7 +404,10 @@ static void cmd_msg(const char *data, SERVER_REC *server, WI_ITEM_REC *item)
 	else
 		splitmsgs = singlemsg;
 
-	while ((m = splitmsgs[n++])) {
+	/* splitmsgs may be NULL if there was an error */
+	g_warn_if_fail(splitmsgs != NULL);
+
+	while (splitmsgs && (m = splitmsgs[n++])) {
 		signal_emit("server sendmsg", 4, server, target, m,
 			    GINT_TO_POINTER(target_type));
 		signal_emit(target_type == SEND_TARGET_CHANNEL ?
From beb2beba3b4802c6969a5595197e25e7a5483fa3 Mon Sep 17 00:00:00 2001
From: Joseph Bisch
Date: Wed, 18 Oct 2017 14:33:02 -0400
Subject: [PATCH 2/3] Revert "Don't proceed with cmd_msg if there was an error splitting msg"

This reverts commit bd83852d646de28f2e0fe01efe7c9236aa4074d4.
---
 src/core/chat-commands.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/core/chat-commands.c b/src/core/chat-commands.c
index 77f02aa2..d5a133f8 100644
--- a/src/core/chat-commands.c
+++ b/src/core/chat-commands.c
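Review bot: The added guard prevents the dereference but silently drops the user's message: when `splitmsgs` is NULL the loop never runs and the only trace is a GLib warning on the log, not anything the front end can show. The commit message also says the NULL case is data-driven (an overlong target or server->nick), so `g_warn_if_fail`, which is meant for programmer errors, will fire for ordinary user input rather than point at a bug. A cleaner fix is to make the split functions return an empty NULL-terminated vector so this caller needs no special case, and to report the failure to the user instead of only warning. cmd_msg continues outside the hunk, so whatever frees `splitmsgs` afterwards should also be checked against a NULL value.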
@@ -404,10 +404,7 @@ static void cmd_msg(const char *data, SERVER_REC *server, WI_ITEM_REC *item)
 	else
 		splitmsgs = singlemsg;
 
-	/* splitmsgs may be NULL if there was an error */
-	g_warn_if_fail(splitmsgs != NULL);
-
-	while (splitmsgs && (m = splitmsgs[n++])) {
+	while ((m = splitmsgs[n++])) {
 		signal_emit("server sendmsg", 4, server, target, m,
 			    GINT_TO_POINTER(target_type));
 		signal_emit(target_type == SEND_TARGET_CHANNEL ?
From 0840eaec7bf56740029aae614e393f8cf76f6946 Mon Sep 17 00:00:00 2001
From: Joseph Bisch
Date: Wed, 18 Oct 2017 14:52:04 -0400
Subject: [PATCH 3/3] Make split functions return an array with NULL instead of NULL

This avoids undefined behavior in functions that call these split functions and expect an array back instead of just a NULL pointer.
---
 src/core/recode.c          | 7 ++++++-
 src/irc/core/irc-servers.c | 5 ++++-
 2 files changed, 10 insertions(+), 2 deletions(-)

diff --git a/src/core/recode.c b/src/core/recode.c
index d001a46a..d3fc91e7 100644
--- a/src/core/recode.c
+++ b/src/core/recode.c
@@ -198,7 +198,12 @@ char **recode_split(const SERVER_REC *server, const char *str,
 	int n = 0;
 	char **ret;
 
-	g_return_val_if_fail(str != NULL, NULL);
+	g_warn_if_fail(str != NULL);
+	if (str == NULL) {
+		ret = g_new(char *, 1);
+		ret[0] = NULL;
+		return ret;
+	}
 
 	if (settings_get_bool("recode")) {
 		to = find_conversion(server, target);
diff --git a/src/irc/core/irc-servers.c b/src/irc/core/irc-servers.c
index 3117e345..4eaab712 100644
--- a/src/irc/core/irc-servers.c
+++ b/src/irc/core/irc-servers.c
@@ -116,11 +116,14 @@ static char **split_line(const SERVER_REC *server, const char *line,
 	 * the code much simpler. It's worth it. */
 	len -= strlen(recoded_start) + strlen(recoded_end);
 
+	g_warn_if_fail(len > 0);
 	if (len <= 0) {
 		/* There is no room for anything. */
 		g_free(recoded_start);
 		g_free(recoded_end);
-		return NULL;
+		lines = g_new(char *, 1);
+		lines[0] = NULL;
+		return lines;
 	}
 
 	lines = recode_split(server, line, target, len, onspace);
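Review bot: The new "never returns NULL" contract of recode_split is established only for the `str == NULL` early return; the rest of the function is outside the hunk, so any later path that still returns NULL would leave callers such as split_line indexing through a null pointer exactly as before. The contract should be written down where callers can see it, e.g. on the declaration: `/* Never returns NULL: on invalid input an empty NULL-terminated vector is returned. Free with g_strfreev(). */`. The three lines that build the empty vector here, and the matching three in the irc-servers.c hunk, can each be a single `ret = g_new0(char *, 1);` / `lines = g_new0(char *, 1);`, since g_new0 zero-fills the slot.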
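Review bot: `g_warn_if_fail(len > 0);` in split_line treats a data-dependent condition as a programmer error: `len` goes non-positive whenever the recoded prefix and suffix for a long target leave no room, which is ordinary input rather than a bug, so the warning will be logged every time such a message is attempted while the user gets no feedback. Consider dropping the warning and letting the empty vector carry the result, or reporting the dropped message to the user. If `len` is an `int` while `strlen()` yields `size_t`, the subtraction on the line above happens in unsigned arithmetic and the `len <= 0` test relies on the narrowing conversion back to `int` to produce a negative value — worth confirming `len`'s declared type, which is outside the hunk. split_line's body continues beyond the hunk.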