Fierelier/notepad-plus-plus-legacy
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fix out-of bounds read access issue for smart highlighting.

Browse Source 
Closes #1111
See https://github.com/notepad-plus-plus/notepad-plus-plus/pull/187/files
, see also comments added in the PR:

String returned by SCI_GETWORDCHARS from scintilla is not null terminated, so check for strlen in isWordChar() below on listChar is dangerous as strlen accesses data after the buffer until the first following null is found in memory
- seen with MS Application Verifier on x64 release
- expected to also happen on win32 x86 release
This commit is contained in:
Christian Grasser 2015-11-09 18:20:22 +01:00 committed by Don Ho
parent 54cf3ca3a3
commit 71edfb2dba
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
PowerEditor/src/ScitillaComponent/SmartHighlighter.cpp
View File

@ -61,6 +61,7 @@ void SmartHighlighter::highlightView(ScintillaEditView * pHighlightView)
int listCharSize = pHighlightView->execute(SCI_GETWORDCHARS, 0, 0); int listCharSize = pHighlightView->execute(SCI_GETWORDCHARS, 0, 0);
char *listChar = new char[listCharSize+1]; char *listChar = new char[listCharSize+1];
pHighlightView->execute(SCI_GETWORDCHARS, 0, (LPARAM)listChar); pHighlightView->execute(SCI_GETWORDCHARS, 0, (LPARAM)listChar);
listChar[listCharSize] = '\0';
bool valid = true; bool valid = true;
//The word has to consist if wordChars only, and the characters before and after something else //The word has to consist if wordChars only, and the characters before and after something else