id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
4174	[patch] Improve safety of previous char fetching string functions.	psprint		"Hi,
I was stumbled that e.g.: in completion engine there are calls such as:

{{{
        if (ti != text)
        {
            …
            prev_char = str_get_prev_char (ti)[0];
            …
}}}

while the length of the (potentially malformed) character is unknown and the function might underrun the buffer when peeking for some preceding bytes. I submit a patch that:

– extends each of the `str_*_prev_char` functions with an argument holding the beginning of the string,
– it then replaces the calls to unsafe `g_utf8_prev_char` with an underrun safe function `g_utf8_find_prev_char`,
– the function obtains the string starting address and takes care not to peek before it,
– in case of the string being ended without any next character found the functions return `NULL`,
– then all places in the completion engine and in `usermenu.c` etc. have been updated to follow this new paradigm,
– also a couple of bugs have been fixed, like e.g.: assuming of command position in input completion if a single character have been entered and a space.

I think that thanks to this safety improvements some occasional crashes in input completion will be over."	defect	new	major	Future Releases	mc-core	master		safety,underruns,string,utf8				no branch