fix buffer overflow when handling long composed input
authorHiltjo Posthuma <hiltjo@codemadness.org>
Tue, 25 Oct 2022 15:11:11 +0000 (17:11 +0200)
committerHiltjo Posthuma <hiltjo@codemadness.org>
Tue, 25 Oct 2022 15:11:11 +0000 (17:11 +0200)
To reproduce the issue:

"
If you already have the multi-key enabled on your system, then add this line
to your ~/.XCompose file:

[...]
<question> <T> <E> <S> <T> <question> :
"1234567890123456789012345678901234567890123456789012345678901234567890"
"

Reported by and an initial patch by Andy Gozas <andy@gozas.me>, thanks!

Adapted the patch, for now st (like dmenu) handles a fixed amount of composed
characters, or otherwise ignores it. This is done for simplicity sake.

x.c

diff --git a/x.c b/x.c
index 2a3bd384c46560d5a1067c065efee4a3dc206f4b..aa0999708da84930a9752da8dd6d5bdc9991bb5d 100644 (file)
--- a/x.c
+++ b/x.c
@@ -1833,7 +1833,7 @@ void
 kpress(XEvent *ev)
 {
        XKeyEvent *e = &ev->xkey;
-       KeySym ksym;
+       KeySym ksym = NoSymbol;
        char buf[64], *customkey;
        int len;
        Rune c;
@@ -1843,10 +1843,13 @@ kpress(XEvent *ev)
        if (IS_SET(MODE_KBDLOCK))
                return;
 
-       if (xw.ime.xic)
+       if (xw.ime.xic) {
                len = XmbLookupString(xw.ime.xic, e, buf, sizeof buf, &ksym, &status);
-       else
+               if (status == XBufferOverflow)
+                       return;
+       } else {
                len = XLookupString(e, buf, sizeof buf, &ksym, NULL);
+       }
        /* 1. shortcuts */
        for (bp = shortcuts; bp < shortcuts + LEN(shortcuts); bp++) {
                if (ksym == bp->keysym && match(bp->mod, e->state)) {