Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan.
After a lot of analysis I'm 99% sure this isn't security relevant so
it's fine to handle this publicly.
The fix is mainly adding a function that does it right and use it
everywhere. This is harder than it seems because the strtol() family of
functions doesn't have the friendliest of interfaces.
Aside from get_ansi_color(), there were other pieces of code that used
the same (out*10+(*in-'0')) pattern, like the parse_size() and
parse_time_interval() functions, which are mostly used for settings.
Those are interesting cases, since they multiply the parsed number
(resulting in more overflows) and they write to a signed integer
parameter (which can accidentally make the uints negative without UB)
Thanks to Pascal Cuoq for enlightening me about the undefined behavior
of parse_size (and, in particular, the implementation-defined behavior
of one of the WIP versions of this commit, where something like signed
integer overflow happened, but it was legal). Also for writing
tis-interpreter, which is better than ubsan to verify these things.
server.. Also added a FIXME: window item would need reference counting as
well, eg. "/EVAL win close;say hello" wouldn't work now.. But that's probably
job for the rewrite irssi. don't go use things like that :)
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2381 dbcabf3a-b0e7-0310-adc4-f8d773084564
/alias echo foo; echo bar works properly). Also if there was any empty
commands they're now ignored.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@2105 dbcabf3a-b0e7-0310-adc4-f8d773084564
of signals the expandos use. Also added "time changed" signal which gets
emitted when $Z changes.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1814 dbcabf3a-b0e7-0310-adc4-f8d773084564
you can use $C etc. in themes to print the active channel. printformat()
also expands it now correctly to the server/target where the message was
printed, not to the active window's server/target.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1802 dbcabf3a-b0e7-0310-adc4-f8d773084564
with % char. Used this with statusbar items - now for example "{error xxx}"
topic won't print it with error color.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1564 dbcabf3a-b0e7-0310-adc4-f8d773084564
treated as color code. So color codes can now be used in /SET prompt
string itself, but in none of the $variables it uses.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1324 dbcabf3a-b0e7-0310-adc4-f8d773084564
'prompt' is used when channel or query is active in window and
'prompt_window' is used with empty windows.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@1005 dbcabf3a-b0e7-0310-adc4-f8d773084564
eval_special_string() : if any of the commands separated with ; used
the arguments ($0, $1, etc.) don't anymore append all the arguments
after other commands.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@903 dbcabf3a-b0e7-0310-adc4-f8d773084564
If you /SET expand_escapes ON and type \n or \t to text line, they
will be expanded.
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@326 dbcabf3a-b0e7-0310-adc4-f8d773084564
- GNOME version isn't anymore build here so you don't need all that GTK and
GNOME crap to compile irssi-text.
- Some fixes to compile with -ansi -pedantic
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@200 dbcabf3a-b0e7-0310-adc4-f8d773084564