Executing Ctrl-^ as a command crashes the app
ios_system uses 0x1e as its internal Record Separator for arguments with both ' and ". The internal 0x1e always comes in pairs, except when you put one in the input, in which case strchr(argument + 1, recordSeparator) could return NULL and the function returns 0x1, an invalid address to call strlen() upon.
diff --git a/ios_system.m b/ios_system.m
index 21e9eeb..87a498b 100644
--- a/ios_system.m
+++ b/ios_system.m
@@ -2459,6 +2459,7 @@ static char* getLastCharacterOfArgument(const char* argument) {
return NULL;
} else if (argument[0] == recordSeparator) {
char* endquote = strchr(argument + 1, recordSeparator);
+ if (endquote == NULL) return NULL; // be safe
return endquote + 1;
}
// TODO: the last character of the argument could also be '<' or '>' (vim does that, with no space after file name)
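Review bot: the `// be safe` comment on the added `if (endquote == NULL) return NULL;` line does not record what the check guards against. Say that an unpaired recordSeparator (one that came from user input rather than from the internal quoting) has no closing separator, so `endquote + 1` would otherwise be computed from NULL. This branch now returns the same NULL as the `return NULL;` at the top of the hunk, so it is worth confirming that every caller of getLastCharacterOfArgument treats NULL as "no end found" before dereferencing or passing it to strlen().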
Related: https://github.com/blinksh/blink/issues/1994
https://github.com/holzschu/ios_system/blob/430d87dd15b42fc321cc256dc394ea93ab256e48/ios_system.m#L3011
4 or more 0x1e would also trigger this assertion. If we don't have a real-world use case for having 0x1e in a command, maybe we should consider stripping 0x1e out before passing it to ios_system.
Thanks for this. That makes sense. I've added it to the code.
Release v3.0.3 has this fix incorporated: https://github.com/holzschu/ios_system/releases/tag/v3.0.3
Thanks! Are the release notes incomplete?
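The two mitigations discussed in this thread, as an added example that is not code from ios_system or Blink: stripping 0x1e from user input before hand-off, and refusing an unpaired separator while scanning. The helper names `strip_record_separators` and `end_of_separated_argument` are hypothetical, and the sample strings are constructed.

```c
#include <stdio.h>
#include <string.h>

#define RECORD_SEPARATOR '\x1e' /* value stated in the issue text */

/* Hypothetical sanitizer: remove every 0x1e byte from cmd in place so that
 * user input can never be mistaken for the internal quoting marker.
 * Returns the number of bytes removed. */
static size_t strip_record_separators(char *cmd) {
    size_t removed = 0;
    char *dst = cmd;
    for (const char *src = cmd; *src != '\0'; src++) {
        if (*src == RECORD_SEPARATOR) {
            removed++;
            continue;
        }
        *dst++ = *src;
    }
    *dst = '\0';
    return removed;
}

/* Hypothetical scanner mirroring the patched branch: for an argument that
 * starts with the separator, return a pointer just past the closing
 * separator, or NULL when the separator is unpaired. */
static const char *end_of_separated_argument(const char *argument) {
    if (argument == NULL || argument[0] != RECORD_SEPARATOR) return NULL;
    const char *endquote = strchr(argument + 1, RECORD_SEPARATOR);
    if (endquote == NULL) return NULL; /* unpaired: no closing separator */
    return endquote + 1;
}

int main(void) {
    char typed[] = "ls" "\x1e" " -l"; /* constructed input with a stray 0x1e */
    size_t n = strip_record_separators(typed);
    printf("removed %zu, command is now \"%s\"\n", n, typed);

    const char *unpaired = "\x1e" "abc"; /* constructed: opening marker only */
    printf("unpaired handled: %s\n",
           end_of_separated_argument(unpaired) == NULL ? "yes" : "no");
    return 0;
}
```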