https://gitlab.synchro.net/main/sbbs/-/commit/6812da2fd3c14d77c0b5c401
Modified Files:
src/sbbs3/ansiterm.cpp
Log Message:
Fix CID 319174 (Out-of-bounds write) correctly
This Coverity-reported issue was previously resolved (incorrectly) with commit 0c441424 which also introduced a bug that ate all the unexpected cursor position report characters (causing issue #304).
The correct fix was to compare the response length against the buffer size minus one, to leave room for the NUL terminator.
While fixing this and issue #304, I noticed that this function was using the response length ('rsp') as both the state machine state and string length, which didn't work right if a nearly-matching report/response was received: the x/y values would have been stripped from the response before stuffing in the keyboard input buffer. So a bit of a refactor here using a proper state machine variable.
---
■ Synchronet ■ Vertrauen ■ Home of Synchronet ■ [vert/cvs/bbs].synchro.net
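The two points in the log message above (bounding the response length against the buffer size minus one, and keeping the parse state separate from the string length) are sketched here as an added example. It is not Synchronet's ansiterm.cpp; the type and function names, the 12-byte buffer and the `keybuf` string standing in for the keyboard input buffer are all assumptions made for illustration.

```cpp
// Added illustration; not Synchronet's ansiterm.cpp. All names are hypothetical.
#include <cstddef>
#include <string>
enum class CprState { Esc, Bracket, Row, Col };
struct CprParser {
    char        rsp[12] = {};          // collected bytes, kept NUL-terminated
    size_t      len = 0;               // string length only
    CprState    state = CprState::Esc; // parse position only
    int         row = 0, col = 0;      // at most 9 digits fit in rsp, so no int overflow
    std::string keybuf;                // stand-in for the keyboard input buffer
    // Give every collected byte (x/y digits included) back as keyboard input.
    void unget() { keybuf.append(rsp, len); len = 0; state = CprState::Esc; }
    // Returns true when a complete "ESC [ row ; col R" report has been consumed.
    bool feed(char ch) {
        if (len >= sizeof(rsp) - 1) {  // size minus one: rsp[len] = '\0' must stay in range
            unget();
            keybuf.push_back(ch);
            return false;
        }
        rsp[len++] = ch;
        rsp[len] = '\0';
        bool digit = ch >= '0' && ch <= '9';
        switch (state) {
        case CprState::Esc:
            if (ch == '\x1b') { row = col = 0; state = CprState::Bracket; return false; }
            break;
        case CprState::Bracket:
            if (ch == '[') { state = CprState::Row; return false; }
            break;
        case CprState::Row:
            if (digit) { row = row * 10 + (ch - '0'); return false; }
            if (ch == ';') { state = CprState::Col; return false; }
            break;
        case CprState::Col:
            if (digit) { col = col * 10 + (ch - '0'); return false; }
            if (ch == 'R') { len = 0; state = CprState::Esc; return true; }
            break;
        }
        unget();                       // near-match: nothing is eaten or stripped
        return false;
    }
};
// Feeds a whole string; returns the result for its last byte.
bool feed_string(CprParser& p, const std::string& s) {
    bool done = false;
    for (char ch : s) done = p.feed(ch);
    return done;
}
```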