From 23ed9bfca3d5d676c26b0fdfd3f0ca9044db64b8 Mon Sep 17 00:00:00 2001
From: Lumynous
Date: Thu, 27 Mar 2025 18:00:25 +0800
Subject: [PATCH 1/4] Fix wrong variable to add null terminator
Change-Id: I8f99658d599400113c7c215a401aea01da28aec9
---
 qtest.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/qtest.c b/qtest.c
index 859827f29..b622d0816 100644
--- a/qtest.c
+++ b/qtest.c
@@ -1401,7 +1401,7 @@ int main(int argc, char *argv[])
 }
 case 'l':
 strncpy(lbuf, optarg, BUFSIZE);
- buf[BUFSIZE - 1] = '\0';
+ lbuf[BUFSIZE - 1] = '\0';
 logfile_name = lbuf;
 break;
 default:
From db14e1424505787ba8b0b863d65f43cae91d20d4 Mon Sep 17 00:00:00 2001
From: Lumynous
Date: Thu, 27 Mar 2025 18:16:48 +0800
Subject: [PATCH 2/4] Ignore unused structure member check for linenoise
Change-Id: Id7f150d4ac6b5229716c646f970a2a5c14a5ede5
---
 scripts/pre-commit.hook | 1 +
 1 file changed, 1 insertion(+)
diff --git a/scripts/pre-commit.hook b/scripts/pre-commit.hook
index fa2170766..b84094514 100755
--- a/scripts/pre-commit.hook
+++ b/scripts/pre-commit.hook
@@ -44,6 +44,7 @@ cppcheck_suppressions() {
 "preprocessorErrorDirective:random.h"
 "constVariablePointer:linenoise.c"
 "staticFunction:linenoise.c"
+ "unusedStructMember:linenoise.h"
 "nullPointerOutOfMemory:web.c"
 "staticFunction:web.c"
 "constParameterCallback:tools/fmtscan.c"
From a3539f1760986a0a197c59158eb65edd2e9f552d Mon Sep 17 00:00:00 2001
From: Lumynous
Date: Thu, 27 Mar 2025 18:39:43 +0800
Subject: [PATCH 3/4] Fix potential buffer overflow in eventmux callback
This changes the parameter list of the eventmux callback, affecting the header and the implementation of the dependency linenoise, but it is necessary to prevent potential buffer overflow and to make the program compile with '-O3'.
Change-Id: Ic50650107e939677a286f129251c50ce2dcbf635
---
 linenoise.c | 2 +-
 linenoise.h | 2 +-
 scripts/aspell-pws | 1 +
 web.c | 4 ++--
 web.h | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
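Review bot: In the `case 'l':` hunk of qtest.c, an over-long `-l` argument is still truncated without any diagnostic: `strncpy(lbuf, optarg, BUFSIZE)` followed by `lbuf[BUFSIZE - 1] = '\0'` keeps only the first BUFSIZE - 1 bytes, so the log would be written to a different path than the one the user asked for. Rejecting the argument makes the limit explicit, e.g. `if (strlen(optarg) >= BUFSIZE) { fprintf(stderr, "log file name too long\n"); exit(1); }` before the copy. The fix also assumes `lbuf` is declared with BUFSIZE bytes; its declaration and the rest of `main` are outside the hunk.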
diff --git a/linenoise.c b/linenoise.c
index c19bd8be1..ec5a25db5 100644
--- a/linenoise.c
+++ b/linenoise.c
@@ -948,7 +948,7 @@ static int line_edit(int stdin_fd,
 char seq[5];
 if (eventmux_callback != NULL) {
- int result = eventmux_callback(l.buf);
+ int result = eventmux_callback(l.buf, l.buflen);
 if (result != 0) return result;
 }
diff --git a/linenoise.h b/linenoise.h
index 0e61e125a..7be690108 100644
--- a/linenoise.h
+++ b/linenoise.h
@@ -54,7 +54,7 @@ typedef struct {
 typedef void(line_completion_callback_t)(const char *, line_completions_t *);
 typedef char *(line_hints_callback_t)(const char *, int *color, int *bold);
 typedef void(line_free_hints_callback_t)(void *);
-typedef int(line_eventmux_callback_t)(char *);
+typedef int(line_eventmux_callback_t)(char *, size_t);
 void line_set_completion_callback(line_completion_callback_t *);
 void line_set_hints_callback(line_hints_callback_t *);
 void line_set_free_hints_callback(line_free_hints_callback_t *);
diff --git a/scripts/aspell-pws b/scripts/aspell-pws
index d902f0d31..9b543e79e 100644
--- a/scripts/aspell-pws
+++ b/scripts/aspell-pws
@@ -77,6 +77,7 @@ epoll
 errno
 etc
 eventfd
+eventmux
 fadvise
 fchdir
 fchmod
diff --git a/web.c b/web.c
index 30b336276..aa97e7aa7 100644
--- a/web.c
+++ b/web.c
@@ -234,7 +234,7 @@ char *web_recv(int fd, struct sockaddr_in *clientaddr)
 return ret;
 }
-int web_eventmux(char *buf)
+int web_eventmux(char *buf, size_t buflen)
 {
 fd_set listenset;
@@ -259,7 +259,7 @@ int web_eventmux(char *buf)
 char *p = web_recv(web_connfd, &clientaddr);
 char *buffer = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n";
 web_send(web_connfd, buffer);
- strncpy(buf, p, strlen(p) + 1);
+ strncpy(buf, p, buflen);
 free(p);
 close(web_connfd);
 return strlen(buf);
diff --git a/web.h b/web.h
index 6b6b8ab04..97e712c6e 100644
--- a/web.h
+++ b/web.h
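Review bot: The new `size_t` parameter of `line_eventmux_callback_t` in linenoise.h carries no documented meaning, while the call site in linenoise.c passes `l.buflen`, which the description of patch 4/4 says is the buffer's actual length minus one. `web_eventmux` in web.c (patch 4/4) depends on exactly that when it writes `buf[buflen]`, so any caller that passes the full buffer size would trigger a one-byte overflow. I would state the contract above the typedef, e.g. `/* buf has room for buflen characters plus the terminating NUL, i.e. buflen + 1 bytes */`, and repeat it on the `web_eventmux` prototype in web.h.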
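Review bot: In the second web.c hunk, `p` returned by `web_recv()` goes straight into `strncpy()` and `free()` without a NULL check; web_recv's body is outside the hunk, so whether it can return NULL on a failed read or allocation needs confirming. If it can, a guard right after the call would do, e.g. `if (!p) { close(web_connfd); return 0; }`, assuming 0 means "no input" to `line_edit` as the linenoise.c hunk suggests. Note also that at this commit `strncpy(buf, p, buflen)` leaves `buf` without a guaranteed terminator when the request is `buflen` bytes or longer, so `strlen(buf)` is not reliable until patch 4/4 is applied; squashing the two would keep every revision safe to build and bisect.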
@@ -9,6 +9,6 @@ char *web_recv(int fd, struct sockaddr_in *clientaddr);
 void web_send(int out_fd, char *buffer);
-int web_eventmux(char *buf);
+int web_eventmux(char *buf, size_t buflen);
 #endif
From 15b9925c20bbe57ad2970ea833d7ca4465c63f74 Mon Sep 17 00:00:00 2001
From: Lumynous
Date: Mon, 31 Mar 2025 19:00:00 +0800
Subject: [PATCH 4/4] Append null terminator after string copying
The buffer length passed to the callback is the actual length minus 1, so 'buflen' is not out-of-bounds but exactly the last byte of the buffer.
Change-Id: I63a2bb1928c80f5c78dac7133133ad2c89f82e5f
---
 web.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/web.c b/web.c
index aa97e7aa7..3fcd7d176 100644
--- a/web.c
+++ b/web.c
@@ -260,6 +260,7 @@ int web_eventmux(char *buf, size_t buflen)
 char *buffer = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n";
 web_send(web_connfd, buffer);
 strncpy(buf, p, buflen);
+ buf[buflen] = '\0';
 free(p);
 close(web_connfd);
 return strlen(buf);
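Review bot: A request longer than `buflen` is still cut off silently in this web.c hunk: after `strncpy(buf, p, buflen)` and `buf[buflen] = '\0'`, the truncated text is handed back to the line editor as if it were the client's complete input, and that input arrives over the network. Checking the length before the copy makes the limit explicit, e.g. `if (strlen(p) > buflen) { free(p); close(web_connfd); return 0; }`, ideally placed before the `200 OK` response is sent so the client is not told the request succeeded. The return value 0 is an assumption taken from the `result != 0` test in linenoise.c; the start and end of `web_eventmux` are outside the hunk.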