winansi: avoid buffer overrun

When we could not convert the UTF-8 sequence into Unicode for writing to
the Console, we should not try to write an insanely-long sequence of
invalid wide characters (mistaking the negative return value for an
unsigned length).

Reported by Coverity.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Junio C Hamano <gitster@pobox.com>

diff --git a/compat/winansi.c b/compat/winansi.c
index a551de90eb042804690ab4dbef6beee948693285..a11a0f16d276470381587236ae513994d92af477 100644 (file)
--- a/compat/winansi.c
+++ b/compat/winansi.c
@@ -140,6 +140,11 @@ static void write_console(unsigned char *str, size_t len)
 
        /* convert utf-8 to utf-16 */
        int wlen = xutftowcsn(wbuf, (char*) str, ARRAY_SIZE(wbuf), len);
+       if (wlen < 0) {
+               wchar_t *err = L"[invalid]";
+               WriteConsoleW(console, err, wcslen(err), &dummy, NULL);
+               return;
+       }
 
        /* write directly to console */
        WriteConsoleW(console, wbuf, wlen, &dummy, NULL);