commit 97fd556519f608ce0bbd3bd53419fb7b75a42fc3
parent df8e15c305a0bd6456cef3b39b709b70fdd18787
Author: Willow Barraco <contact@willowbarraco.fr>
Date: Thu, 16 Nov 2023 22:22:44 +0100
bufio/scanner: fix slice or array access out of bounds
I struggled with the scanner used with pipes in the context of himitsud
and hiprompt-tty.
The problem come from the scan_bytes methods. It suppose z is the
readahead size, but in fact this is the previous scan.pending. This
means that multiple loop of this scope cause nread to become higher than
scan.pending, and so cause a bound check abort.
To fix this, we just use z as nread, renamed as prevpending to avoid mistakes.
Signed-off-by: Willow Barraco <contact@willowbarraco.fr>
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/bufio/scanner.ha b/bufio/scanner.ha
@@ -173,9 +173,9 @@ export fn scan_bytes(
return io::EOF;
};
return scan_consume(scan, scan.pending);
- case let z: size =>
+ case let prevpending: size =>
// No need to re-index the earlier part of the buffer
- nread += z;
+ nread = prevpending;
};
};
