t9term: Add missing parentheses, preventing buffer overflow. - plan9port - [fork] Plan 9 from user space
 (HTM) git clone git://src.adamsgaard.dk/plan9port
 (DIR) Log
 (DIR) Files
 (DIR) Refs
 (DIR) README
 (DIR) LICENSE
       ---
 (DIR) commit 669713d43f8a014ba481265d4c58c3fe575527b4
 (DIR) parent 9f34853f7c6b459fb473d75cb78372406f69d7b2
 (HTM) Author: Ray Lai <ray@raylai.com>
       Date:   Mon, 23 May 2016 22:30:52 +0800
       
       9term: Add missing parentheses, preventing buffer overflow.
       
       (el-sr) is the string length and (sizeof wdir - strlen(name) - 20)
       is the buffer size. When the string length is greater than the
       buffer size, the beginning of the string is supposed to be trimmed
       tto fit in the buffer size. Unfortunately a pair of parentheses were
       missing, pointing sr outside the buffer, and the for loop below
       tthen reads outside the buffer. For certain binary data printed in
       a window, it causes a segfault.
       
       Change-Id: Iffeaa348260ee2a5a36d9577308fb8d1c1688d05
       Reviewed-on: https://plan9port-review.googlesource.com/1540
       Reviewed-by: Gleydson Soares <gsoares@gmail.com>
       
       Diffstat:
         M src/cmd/9term/win.c                 |       2 +-
       
       1 file changed, 1 insertion(+), 1 deletion(-)
       ---
 (DIR) diff --git a/src/cmd/9term/win.c b/src/cmd/9term/win.c
       t@@ -634,7 +634,7 @@ label(char *sr, int n)
        
                el = r+1;
                if(el-sr > sizeof wdir - strlen(name) - 20)
       -                sr = el - sizeof wdir - strlen(name) - 20;
       +                sr = el - (sizeof wdir - strlen(name) - 20);
                for(sl=el-3; sl>=sr; sl--)
                        if(sl[0]=='\033' && sl[1]==']' && sl[2]==';')
                                break;