gre-ilya/libuv
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

win/tty: fix off-by-one NUL write in UTF-16 to WTF-8 conversion

Browse Source 
Reserve one byte for the NUL terminator when passing the buffer size
to uv_utf16_to_wtf8() in the TTY line-read path. Without this, when
all input characters encode to exactly 3 UTF-8 bytes (e.g. CJK) and
the buffer size is divisible by 3, the NUL terminator is written one
byte past the allocated buffer.

The other two call sites in src/win/util.c already subtract 1 before
calling uv_utf16_to_wtf8(). This aligns tty.c with that convention.

Fixes: f3889085 ("win,tty: convert line-read UTF-16 to WTF-8")
Ref: GHSA-4prr-4742-3ccf
This commit is contained in:
Ali Raza 2026-03-09 18:11:30 +05:00
parent a19ceeb13a
commit 60e67eb7d7
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/win/tty.c
View File

@ -555,7 +555,7 @@ static DWORD CALLBACK uv_tty_line_read_thread(void* data) {
NULL);
if (read_console_success) {
read_bytes = bytes;
read_bytes = bytes - 1;
uv_utf16_to_wtf8(utf16,
read_chars,
&handle->tty.rd.read_line_buffer.base,