Re: [PATCH V2 2/6] scripts/kconfig/nconf: fix memmove's length arg


 



On Wed, Aug 31, 2011 at 10:46 AM, Cheng Renquan <crquan@xxxxxxxxx> wrote:
> In the KEY_BACKSPACE / KEY_DC cases, which delete a char, memmove moves only
> (len-cursor_position+1) bytes;
> the default case, which inserts a char, should also memmove exactly
> (len-cursor_position+1) bytes;
>
> the original use of (len+1) is wrong: it may access the memory that follows
> result and doesn't belong to it, which in theory may cause a segfault;
>
>        case KEY_BACKSPACE:
>                if (cursor_position > 0) {
>                        memmove(&result[cursor_position-1],
>                                        &result[cursor_position],
>                                        len-cursor_position+1);
>                        cursor_position--;
>                }
>                break;
>        case KEY_DC:
>                if (cursor_position >= 0 && cursor_position < len) {
>                        memmove(&result[cursor_position],
>                                        &result[cursor_position+1],
>                                        len-cursor_position+1);
>                }
>                break;
>        default:
>                if ((isgraph(res) || isspace(res)) &&
>                                len-2 < result_len) {
>                        /* insert the char at the proper position */
>                        memmove(&result[cursor_position+1],
>                                        &result[cursor_position],
>                                        len-cursor_position+1);
>                        result[cursor_position] = res;
>                        cursor_position++;
>                }
>
> Signed-off-by: Cheng Renquan <crquan@xxxxxxxxx>
> ---
>  scripts/kconfig/nconf.gui.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/scripts/kconfig/nconf.gui.c b/scripts/kconfig/nconf.gui.c
> index d3af04e..3ce2a7c 100644
> --- a/scripts/kconfig/nconf.gui.c
> +++ b/scripts/kconfig/nconf.gui.c
> @@ -457,7 +457,7 @@ int dialog_inputbox(WINDOW *main_window,
>                                /* insert the char at the proper position */
>                                memmove(&result[cursor_position+1],
>                                                &result[cursor_position],
> -                                               len+1);
> +                                               len-cursor_position+1);
>                                result[cursor_position] = res;
>                                cursor_position++;
>                        } else {
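Review bot: The corrected length still relies on the guard above the hunk for its write bound, and as quoted in the commit message that guard is `len-2 < result_len`, which admits `len` up to `result_len+1`. The memmove on the new line writes through `result[len+1]` (the relocated NUL terminator), so if `result` holds `result_len` bytes the insert is only in bounds when `len+2 <= result_len`; the condition would then read `len+2 <= result_len` instead of `len-2 < result_len`. The allocation size of `result` is not visible here, so this should be confirmed against the caller. dialog_inputbox starts and ends outside the hunk.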
> --
> 1.7.6
>
>

Acked-by: Nir Tzachar <nir.tzachar@xxxxxxxxx>

