base64dec: don't read out of bounds

[st.git] / st.c

diff --git a/st.c b/st.c
index 8e6ccb5..a8f8232 100644 (file)
--- a/st.c
+++ b/st.c
@@ -366,7 +366,7 @@ char
 base64dec_getc(const char **src)
 {
        while (**src && !isprint(**src)) (*src)++;
 base64dec_getc(const char **src)
 {
        while (**src && !isprint(**src)) (*src)++;

-       return *((*src)++);
+       return **src ? *((*src)++) : '=';  /* emulate padding if string ends */

 }
 
 char *
 }
 
 char *


@@ -384,6 +384,10 @@ base64dec(const char *src)
                int c = base64_digits[(unsigned char) base64dec_getc(&src)];
                int d = base64_digits[(unsigned char) base64dec_getc(&src)];
 
                int c = base64_digits[(unsigned char) base64dec_getc(&src)];
                int d = base64_digits[(unsigned char) base64dec_getc(&src)];
 

+               /* invalid input. 'a' can be -1, e.g. if src is "\n" (c-str) */
+               if (a == -1 || b == -1)
+                       break;
+

                *dst++ = (a << 2) | ((b & 0x30) >> 4);
                if (c == -1)
                        break;
                *dst++ = (a << 2) | ((b & 0x30) >> 4);
                if (c == -1)
                        break;


@@ -458,7 +462,7 @@ selextend(int col, int row, int type, int done)
        selnormalize();
        sel.type = type;
 
        selnormalize();
        sel.type = type;
 

-       if (oldey != sel.oe.y || oldex != sel.oe.x || oldtype != sel.type)
+       if (oldey != sel.oe.y || oldex != sel.oe.x || oldtype != sel.type || sel.mode == SEL_EMPTY)

                tsetdirt(MIN(sel.nb.y, oldsby), MAX(sel.ne.y, oldsey));
 
        sel.mode = done ? SEL_IDLE : SEL_READY;
                tsetdirt(MIN(sel.nb.y, oldsby), MAX(sel.ne.y, oldsey));
 
        sel.mode = done ? SEL_IDLE : SEL_READY;