From 3837ddc61ca11a811444e32bb8b248947d83807f Mon Sep 17 00:00:00 2001 From: Mamoru TASAKA Date: Wed, 5 May 2021 23:23:48 +0900 Subject: [PATCH] fontglide.c: drain_input: terminate with null explicitly Currently, when launching fontglide for some long time, fontglide comes to no longer show any characters. get_word_text() logic apparently expects that s->buf (where s is state *) ends with null character. struct state is initialized with calloc(), so at the first s->buf is initialized with all zero, so at the first s->buf is terminated with null character. However sometimes s->buf is memmove()ed in get_word_text(), and the next time get_word_text() fills s->buf and s->buf_tail is increased. At the time, s->buf[s->buf_tail] can be non-null character. After all, sometimes at the end of get_word_text(), s->buf_tail can be negative (i.e. "start" and "end" in get_word_text() point to some unexpected positions). When that happens, in drain_input(), the condition "s->buf_tail < sizeof(s->buf) - 2" gets "false", because "sizeof" returns "size_t", which is unsigned, so s->buf_tail gets very large integer. So the contents of s->buf will no longer be updated. As the result, fontglide will no longer show any characters on the screen. To avoid the above bug, explicitly make s->buf terminate with null on drain_input. --- hacks/fontglide.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/hacks/fontglide.c b/hacks/fontglide.c index be1ac63..b99b1d1 100644 --- a/hacks/fontglide.c +++ b/hacks/fontglide.c @@ -698,6 +698,7 @@ get_word_text (state *s) int n = end - s->buf; memmove (s->buf, end, sizeof(s->buf) - n); s->buf_tail -= n; + if (s->buf_tail < 0) abort(); } return result; @@ -2283,6 +2284,7 @@ drain_input (state *s) else break; } + s->buf[s->buf_tail] = 0; } -- 2.31.1