st

Suckless' st with my personal patches
git clone https://git.instinctive.eu/st.git
Log | Files | Refs | README | LICENSE

commit e5e959835b195c023d1f685ef4dbbcfc3b5120b2
parent 68d1ad9b54e952e3079356aeab8ab37e44c56c2c
Author: Hiltjo Posthuma <hiltjo@codemadness.org>
Date:   Tue, 25 Oct 2022 17:11:11 +0200

fix buffer overflow when handling long composed input

To reproduce the issue:

"
If you already have the multi-key enabled on your system, then add this line
to your ~/.XCompose file:

[...]
<question> <T> <E> <S> <T> <question> :
"1234567890123456789012345678901234567890123456789012345678901234567890"
"

Reported by and an initial patch by Andy Gozas <andy@gozas.me>, thanks!

Adapted the patch, for now st (like dmenu) handles a fixed amount of composed
characters, or otherwise ignores it. This is done for simplicity sake.

Diffstat:
Mx.c | 9++++++---
1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/x.c b/x.c @@ -1833,7 +1833,7 @@ void kpress(XEvent *ev) { XKeyEvent *e = &ev->xkey; - KeySym ksym; + KeySym ksym = NoSymbol; char buf[64], *customkey; int len; Rune c; @@ -1843,10 +1843,13 @@ kpress(XEvent *ev) if (IS_SET(MODE_KBDLOCK)) return; - if (xw.ime.xic) + if (xw.ime.xic) { len = XmbLookupString(xw.ime.xic, e, buf, sizeof buf, &ksym, &status); - else + if (status == XBufferOverflow) + return; + } else { len = XLookupString(e, buf, sizeof buf, &ksym, NULL); + } /* 1. shortcuts */ for (bp = shortcuts; bp < shortcuts + LEN(shortcuts); bp++) { if (ksym == bp->keysym && match(bp->mod, e->state)) {