https://gitlab.synchro.net/main/sbbs/-/commit/131f9d7cc0c6ae9805207e9b
Modified Files:
src/sbbs3/getstr.cpp main.cpp sbbs.h
Log Message:
Fix 20+ year old bug that allowed getstr(... K_WRAP) to overflow wordwrap bufThe sbbs_t::wordwrap[] buffer was 81 characters (80 printable characters, plusNUL terminator) and sbbs_t.getstr(), when used with the K_WRAP mode flag couldpotentially write more than 81 characters to this buffer (e.g. when using awider than 80 column terminal and writing a message with the internal lineeditor which calls sbbs_t::getstr(... K_WRAP)) - would corrupt sbbs_t membersafter wordwrap[], which included pointers that would be freed in the sbbs_tdestructor (~sbbs_t) and subsequently page/segfault as seen in issue #545.This change increases the wordwrap buffer to likely twice the same needed(maximum columns + NUL terminator) and adds wordwrap bounds checking tosbbs_t::getstr().There were comments indicating crash sightings in the sbsb_t
destructor goingback to 2002, so this commit removes those comments.Thanks to Nelgin for providing the gdb dump details ('print *this') that wasthe clue needed to reach the root-cause determination.This fixes issue #545.
--- SBBSecho 3.20-Linux
* Origin: Vertrauen - [vert/cvs/bbs].synchro.net (1:103/705)