From e4abef5768a8d1a43d7525486cb99a2f76ee9d52 Mon Sep 17 00:00:00 2001
From: Benno Schulenberg
Date: Sun, 25 Sep 2022 09:57:05 +0200
Subject: [PATCH] input: give up when the capacity of the keystroke buffer overflows
In theory, the 'size_t' of 'capacity' could be just two bytes, which means the keystroke buffer would overflow for pastes that are larger than 32 kilobytes -- which are unlikely to occur, but... possible. However, previously there was *no* overflow check when extending the keystroke buffer (only when trying to put back a key code), so this check is an improvement. (On a regular machine, 'size_t' is at least four bytes, which means the keystroke buffer would overflow at 2 gigabytes. Such a paste is extremely unlikely to occur, so this check is really a no-op.)
---
 src/winio.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/winio.c b/src/winio.c
index f8b95356..018c4d07 100644
--- a/src/winio.c
+++ b/src/winio.c
@@ -143,6 +143,9 @@ void run_macro(void)
 /* Allocate the requested space for the keystroke buffer. */
 void reserve_space_for(size_t newsize)
 {
+ if (newsize < capacity)
+ die(_("Too much input at once\n"));
+
 key_buffer = nrealloc(key_buffer, newsize * sizeof(int));
 nextcodes = key_buffer;
 capacity = newsize;
@@ -324,10 +327,6 @@ size_t waiting_keycodes(void)
 /* Add the given keycode to the front of the keystroke buffer. */
 void put_back(int keycode)
 {
- /* If the keystroke buffer is at maximum capacity, don't add anything. */
- if (waiting_codes + 1 < waiting_codes)
- return;
-
 /* If there is no room at the head of the keystroke buffer, make room. */
 if (nextcodes == key_buffer) {
 if (waiting_codes == capacity)
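Review bot: In reserve_space_for(), the added guard `newsize < capacity` only catches the element count itself wrapping around; the byte count `newsize * sizeof(int)` passed to nrealloc() on the following line can wrap much earlier, as soon as newsize exceeds the largest size_t value divided by sizeof(int). In that case the allocation would be smaller than the `capacity` recorded right after it, so later stores into the keystroke buffer could land past the end of the allocation. Bounding the count as well would close that gap, for example `if (newsize < capacity || newsize > (size_t)-1 / sizeof(int))`. The guard also relies on every caller only ever growing the buffer; the callers are not visible in this hunk, so the function comment should say that newsize is an element count and must not be smaller than the current capacity. The function body ends outside the hunk.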