From 098403eba68799fe2adef6f806e3447108540f51 Mon Sep 17 00:00:00 2001
From: korei999 <ju7t1xe@gmail.com>
Date: Fri, 17 Jan 2025 19:05:25 +0200
Subject: [PATCH 1/3] arraylist_add: don't overflow when strcpy to the icon

---
 file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/file.c b/file.c
index 3091abb..1f9ebca 100644
--- a/file.c
+++ b/file.c
@@ -69,7 +69,7 @@ void arraylist_remove(ArrayList *list, long index)
 void arraylist_add(ArrayList *list, char *name, char *path, char *stats, int type, char *icon, int color, int marked, int force)
 {
 	file new_file = { name, path, type, stats, color };
-	strcpy(new_file.icon, icon);
+	strncpy(new_file.icon, icon, sizeof(new_file.icon) / sizeof(new_file.icon[0]));
 
 	if (list->capacity != list->length) {
 		if (marked) {
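Review bot: The added `strncpy` can leave `new_file.icon` without a terminating NUL, because the bound is the full array size and `strncpy` writes no terminator when `icon` is that long or longer. Any later code that treats the field as a C string would then read past the end of the array. Bounding the copy to one byte less keeps a terminator in place, `strncpy(new_file.icon, icon, sizeof(new_file.icon) - 1);`, assuming the aggregate initializer on the line above leaves `icon` zero-filled (it appears to name fewer values than the struct has members). `snprintf(new_file.icon, sizeof(new_file.icon), "%s", icon);` terminates without relying on that. The same pattern is in PATCH 2/3 at `strncpy(icon_str, ext_icon->icon, sizeof(icon_str))` in `add_file_stat`, and the body of `arraylist_add` continues past the end of this hunk.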

From 2170c3dbf21c60b092ff9906696f1806c1be3e20 Mon Sep 17 00:00:00 2001
From: korei999 <ju7t1xe@gmail.com>
Date: Fri, 17 Jan 2025 19:29:41 +0200
Subject: [PATCH 2/3] file: increase icon to 8 bytes; add icon size range
 checks

---
 ccc.c  | 17 ++++++++++-------
 file.h |  2 +-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/ccc.c b/ccc.c
index 5ebfd19..1e4fecf 100644
--- a/ccc.c
+++ b/ccc.c
@@ -414,8 +414,8 @@ void add_file_stat(char *filename, char *path, int ftype)
 			arraylist_add(files, filename, path, NULL, REG, NULL, DEF_COLOR, 0, 0);
 	}
 
-	int type;
-	char icon_str[5];
+	int type = 0;
+	char icon_str[8] = {0};
 
 	filename[strlen(filename)] = '\0';
 	/* handle file without extension
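Review bot: The literal `8` in `char icon_str[8] = {0};` has to stay equal to the `char icon[8];` member that the same commit changes in file.h, and nothing ties the two together. If `icon_str` is later enlarged and `file.icon` is not, the bounded copy in `arraylist_add` would truncate the icon with no diagnostic, possibly in the middle of a multi-byte sequence. A shared constant in file.h used by both declarations, e.g. `#define ICON_SIZE 8`, or `char icon_str[sizeof(((file *)0)->icon)] = {0};` here, would keep them in step. `add_file_stat` starts before and ends after this hunk.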
@@ -427,17 +427,20 @@ void add_file_stat(char *filename, char *path, int ftype)
 	}
 	/* add file extension */
 	icon *ext_icon = hashtable_search(ext ? ext : filename);
-	if (!ext_icon)
-		memcpy(icon_str, "", 4);
-	else 
-		memcpy(icon_str, ext_icon->icon, 4);
+	if (!ext_icon) {
+		char ch[] = "";
+		memcpy(icon_str, ch, sizeof(ch));
+	} else {
+		strncpy(icon_str, ext_icon->icon, sizeof(icon_str));
+	}
 
 	int color = DEF_COLOR;
 
 	if (S_ISDIR(file_stat.st_mode)) {
 		type = DRY; /* dir */
 		color = DIR_COLOR;
-		memcpy(icon_str, "󰉋", 4);
+		char ch[] = "󰉋";
+		memcpy(icon_str, ch, sizeof(ch));
 	} else if (S_ISREG(file_stat.st_mode)) {
 		type = REG; /* regular file */
 		color = REG_COLOR;
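Review bot: The two `memcpy(icon_str, ch, sizeof(ch))` calls are bounded by the size of the source literal, not by `icon_str`, so the range check this commit adds does not cover them. They are safe only while each glyph plus its terminator fits in the 8-byte buffer. A compile-time check next to each copy would make that explicit, `_Static_assert(sizeof(ch) <= sizeof(icon_str), "icon glyph does not fit icon_str");` (C11). The declaration of `icon_str` and the rest of `add_file_stat` lie outside this hunk.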
diff --git a/file.h b/file.h
index 9796acf..4e89ebe 100644
--- a/file.h
+++ b/file.h
@@ -19,7 +19,7 @@ typedef struct {
 	int type;
 	char *stats;
 	int color;
-	char icon[5];
+	char icon[8];
 } file;
 
 typedef struct {

From fcee0d2ee0f582f03dc085222609966e020ba115 Mon Sep 17 00:00:00 2001
From: korei999 <ju7t1xe@gmail.com>
Date: Fri, 17 Jan 2025 20:55:55 +0200
Subject: [PATCH 3/3] use after free on failed stat()

---
 ccc.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/ccc.c b/ccc.c
index 1e4fecf..1559a6d 100644
--- a/ccc.c
+++ b/ccc.c
@@ -409,9 +409,8 @@ void add_file_stat(char *filename, char *path, int ftype)
 {
 	struct stat file_stat;
 	if (stat(path, &file_stat) == -1) {
-		/* can't be triggered? */
-		if (errno == EACCES)
-			arraylist_add(files, filename, path, NULL, REG, NULL, DEF_COLOR, 0, 0);
+        perror("stat()");
+        return;
 	}
 
 	int type = 0;
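Review bot: `perror("stat()")` does not say which path failed, and the function then returns without adding the entry, so the user gets a bare errno string and cannot tell which file is missing from the listing. Passing the path supplies that context, `perror(path);`. The two added lines are indented with spaces while the surrounding code uses tabs. `add_file_stat` continues past the end of this hunk.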
@@ -547,8 +546,11 @@ void show_file_content(void)
 
 	move_cursor(1, half_width);
 	if (current_file.type == DRY) {
-		ArrayList *files_visit;
+		ArrayList *files_visit = NULL;
 		populate_files(current_file.name, 0, &files_visit);
+        if (!files_visit)
+            return;
+
 		for (long i = 0; i < files_visit->length && i < rows - 1; i++) {
 			char *line = get_line(files_visit, i, 0, show_icons);
 			int color = files_visit->items[i].color;
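Review bot: The `if (!files_visit) return;` guard only catches a failure if `populate_files` leaves `*files_visit` untouched or sets it to NULL on every error path. `populate_files` is not part of this series, so that needs confirming. If it can free a list it has already stored through the pointer, the loop below would still run on freed memory. Having `populate_files` return a status that is tested here, or stating the contract in a comment such as `/* populate_files() leaves *list NULL on failure */`, would make the dependency explicit. The added lines use spaces where the file uses tabs, and `show_file_content` continues outside the hunk.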