winansi: avoid buffer overrun

When we could not convert the UTF-8 sequence into Unicode for writing to the Console, we should not try to write an insanely-long sequence of invalid wide characters (mistaking the negative return value for an unsigned length). Reported by Coverity. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
author: Johannes Schindelin <johannes.schindelin@gmx.de> 2017-05-04 15:55:34 +0200
committer: Junio C Hamano <gitster@pobox.com> 2017-05-08 12:18:19 +0900
commit: b6b066adf9e1e970a6d8295db630ab1e1f3bc71c (patch)
tree: cb406803715e04953a1745fbb26f8c1f85d672ff /compat
parent: winansi: avoid use of uninitialized value (diff)
download: tgif-b6b066adf9e1e970a6d8295db630ab1e1f3bc71c.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/compat/winansi.c b/compat/winansi.c
index a551de90eb..a11a0f16d2 100644
--- a/compat/winansi.c
+++ b/compat/winansi.c
@@ -140,6 +140,11 @@ static void write_console(unsigned char *str, size_t len)
 
 	/* convert utf-8 to utf-16 */
 	int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len);
+	if (wlen < 0) {
+		wchar_t *err = L"[invalid]";
+		WriteConsoleW(console, err, wcslen(err), &dummy, NULL);
+		return;
+	}
 
 	/* write directly to console */
 	WriteConsoleW(console, wbuf, wlen, &dummy, NULL);
author	Johannes Schindelin <johannes.schindelin@gmx.de>	2017-05-04 15:55:34 +0200
committer	Junio C Hamano <gitster@pobox.com>	2017-05-08 12:18:19 +0900
commit	b6b066adf9e1e970a6d8295db630ab1e1f3bc71c (patch)
tree	cb406803715e04953a1745fbb26f8c1f85d672ff /compat
parent	winansi: avoid use of uninitialized value (diff)
download	tgif-b6b066adf9e1e970a6d8295db630ab1e1f3bc71c.tar.xz