escape.c: fix an integer overflow issue, especially on 32-bit archs

yamt · yamt · commit 600fe284ea2e · 2025-01-08T21:00:24.000+09:00
diff --git a/lib/escape.c b/lib/escape.c
@@ -76,25 +76,25 @@ escape_name(struct escaped_string *e, const struct name *n)
                         }
                 }
                 char *dp = e->escaped;
-                const char *dep = dp + lim;
+                const char *dsp = dp;
                 for (p = sp; p < ep; p++) {
                         char ch = *p;
                         if (need_escape(ch)) {
-                                if (dp + escaped_char_size > dep) {
+                                if (dp + escaped_char_size - dsp > lim) {
                                         break;
                                 }
                                 *dp++ = '\\';
                                 *dp++ = oct(((uint8_t)ch >> 6) & 0x07);
                                 *dp++ = oct(((uint8_t)ch >> 3) & 0x07);
                                 *dp++ = oct((uint8_t)ch & 0x07);
                         } else {
-                                if (dp + 1 > dep) {
+                                if (dp + 1 - dsp > lim) {
                                         break;
                                 }
                                 *dp++ = ch;
                         }
                 }
-                assert(dp <= dep);
+                assert(dp - dsp <= lim);
                 if (lim != INT_MAX) {
                         assert(e->escaped == e->small);
                         assert(dp + omitted_size <=

Original file line number	Diff line number	Diff line change
`@@ -76,25 +76,25 @@ escape_name(struct escaped_string e, const struct name n)`
`76`	`76`	`}`
`77`	`77`	`}`
`78`	`78`	`char *dp = e->escaped;`
`79`		`- const char *dep = dp + lim;`
	`79`	`+ const char *dsp = dp;`
`80`	`80`	`for (p = sp; p < ep; p++) {`
`81`	`81`	`char ch = *p;`
`82`	`82`	`if (need_escape(ch)) {`
`83`		`- if (dp + escaped_char_size > dep) {`
	`83`	`+ if (dp + escaped_char_size - dsp > lim) {`
`84`	`84`	`break;`
`85`	`85`	`}`
`86`	`86`	`*dp++ = '\\';`
`87`	`87`	`*dp++ = oct(((uint8_t)ch >> 6) & 0x07);`
`88`	`88`	`*dp++ = oct(((uint8_t)ch >> 3) & 0x07);`
`89`	`89`	`*dp++ = oct((uint8_t)ch & 0x07);`
`90`	`90`	`} else {`
`91`		`- if (dp + 1 > dep) {`
	`91`	`+ if (dp + 1 - dsp > lim) {`
`92`	`92`	`break;`
`93`	`93`	`}`
`94`	`94`	`*dp++ = ch;`
`95`	`95`	`}`
`96`	`96`	`}`
`97`		`- assert(dp <= dep);`
	`97`	`+ assert(dp - dsp <= lim);`
`98`	`98`	`if (lim != INT_MAX) {`
`99`	`99`	`assert(e->escaped == e->small);`
`100`	`100`	`assert(dp + omitted_size <=`