Skip to content

os: color: fix possible buffer overflow vulnerability and cleanup ugly coding style

The old approach of builtin color lookup used a binary search of strings within text blocks (their start offsets defined in the color array).

This could potentially lead to buffer overflow, if the requested color name far outreaches the text block (eg. same prefix as some entry near to the end, but really huge). This alone wouldn't allow remote memory readout (just comparing), but could possibly trigger page faults (sigsegv) or used as a building block for some more complex attack.

OTOH, the old approach is also hard to maintain, ugly programming style: on each change, all the offset need to be carefully recounted, which is pretty error-prone.

Both problems are solved by moving to simple, per-entry, char* pointers, instead of the one large text block.

Merge request reports

Loading