From: Johannes Schindelin <johannes.schindelin@gmx.de>
Date: Thu, 4 May 2017 13:55:34 +0000 (+0200)
Subject: winansi: avoid buffer overrun
X-Git-Tag: v2.13.1~27^2~23
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b6b066adf9e1e970a6d8295db630ab1e1f3bc71c;p=thirdparty%2Fgit.git

winansi: avoid buffer overrun

When we could not convert the UTF-8 sequence into Unicode for writing to
the Console, we should not try to write an insanely-long sequence of
invalid wide characters (mistaking the negative return value for an
unsigned length).

Reported by Coverity.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
---

diff --git a/compat/winansi.c b/compat/winansi.c
index a551de90eb..a11a0f16d2 100644
--- a/compat/winansi.c
+++ b/compat/winansi.c
@@ -140,6 +140,11 @@ static void write_console(unsigned char *str, size_t len)
 
 	/* convert utf-8 to utf-16 */
 	int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len);
+	if (wlen < 0) {
+		wchar_t *err = L"[invalid]";
+		WriteConsoleW(console, err, wcslen(err), &dummy, NULL);
+		return;
+	}
 
 	/* write directly to console */
 	WriteConsoleW(console, wbuf, wlen, &dummy, NULL);