From 4dc7fe9854ca533ea4de84221061fb857b6e0dd4 Mon Sep 17 00:00:00 2001
From: Kaz Kylheku
Date: Mon, 9 May 2022 07:14:29 -0700
Subject: Resizing: fix leaks, use-after-free.
---
 pw.c | 29 +++++++++++++++--------------
 1 file changed, 15 insertions(+), 14 deletions(-)
diff --git a/pw.c b/pw.c
index bf27dad..1c77191 100644
--- a/pw.c
+++ b/pw.c
@@ -1413,27 +1413,26 @@ int main(int argc, char **argv)
 if (winch) {
 winch = 0;
 if (ioctl(ttyfd, TIOCGWINSZ, &ws) == 0) {
+ int oldmax = pw.maxlines;
+ if (maxed || pw.maxlines >= ws.ws_row - 1) {
+ maxed = 1;
+ pw.maxlines = ws.ws_row - 1;
+ }
 if (maxed) {
 pw.hist = 0;
- pw.circbuf = resizebuf(pw.circbuf, pw.maxlines, ws.ws_row - 1);
- snapshot[0] = resizebuf(snapshot[0], pw.maxlines, ws.ws_row - 1);
+ pw.circbuf = resizebuf(pw.circbuf, oldmax, pw.maxlines);
+ snapshot[0] = resizebuf(snapshot[0], oldmax, pw.maxlines);
+ if (pw.nlines > pw.maxlines)
+ pw.nlines = pw.maxlines;
+ if (snaplines[0] > pw.maxlines)
+ snaplines[0] = pw.maxlines;
 for (int i = 1; i < snhistsize; i++) {
 freebuf(snapshot[i], snaplines[i]);
 free(snapshot[i]);
 snapshot[i] = 0;
 }
- } else {
- if (pw.maxlines >= ws.ws_row) {
- pw.maxlines = ws.ws_row - 1;
- maxed = 1;
- }
 }
- if (pw.nlines > pw.maxlines)
- pw.nlines = pw.maxlines;
- if (snaplines[0] > pw.maxlines)
- snaplines[0] = pw.maxlines;
-
 pw.columns = ws.ws_col;
 clipsplits(&pw);
@@ -1663,6 +1662,7 @@ int main(int argc, char **argv)
 break;
 } else {
 int count = (cmdcount == INT_MAX) ? 1 : cmdcount;
+ int oldmax = pw.maxlines;
 pw.maxlines += count;
@@ -1671,8 +1671,9 @@ int main(int argc, char **argv)
 pw.maxlines = ws.ws_row - 1;
 }
- pw.circbuf = resizebuf(pw.circbuf, pw.maxlines, pw.maxlines + 1);
- snapshot[0] = resizebuf(snapshot[0], pw.maxlines, pw.maxlines + 1);
+ pw.circbuf = resizebuf(pw.circbuf, oldmax, pw.maxlines);
+ snapshot[0] = resizebuf(snapshot[0], oldmax, pw.maxlines);
+
 for (int i = 1; i < snhistsize; i++) {
 freebuf(snapshot[i], snaplines[i]);
 free(snapshot[i]);
--
cgit v1.2.3
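Review bot: The added `pw.maxlines = ws.ws_row - 1;` in the SIGWINCH hunk has no lower bound, so a TIOCGWINSZ result with `ws_row` of 0 or 1 makes `pw.maxlines` -1 or 0. With `ws_row` at 0 the promoted comparison `pw.maxlines >= ws.ws_row - 1` is always true, and the value then becomes the new size for both `resizebuf` calls and the clamp for `pw.nlines` and `snaplines[0]`. `resizebuf` is not visible here, so confirm whether it tolerates a non-positive size. If it does not, compute the bound once, `int rows = ws.ws_row > 1 ? ws.ws_row - 1 : 1;`, and use `rows` in both the comparison and the assignment. The same unguarded `ws.ws_row - 1` feeds the `resizebuf` calls in the last hunk, and main's body continues outside all three hunks.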
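Review bot: `pw.maxlines += count;` in the second hunk can overflow a signed int, which is undefined behaviour, because `count` comes from `cmdcount` and only the `INT_MAX` sentinel is filtered out. The sum now flows straight into `resizebuf(..., oldmax, pw.maxlines)` in the following hunk as the new size. The clamp's condition falls between the two hunks and is not visible, but presumably it compares against `ws.ws_row - 1`, in which case a wrapped negative sum would pass it unclamped. Saturating the addition with the value the commit already saves avoids this: `pw.maxlines = (count > INT_MAX - oldmax) ? INT_MAX : oldmax + count;`, leaving the existing clamp to bring it down to the window height.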