Fix potential out of bounds read

LingMan · LingMan · commit 05bcc8dba09c · 2023-08-30T21:51:31.000+02:00
In some situations involving long paths it is possible that `GetFileInformationByHandleEx` produces a `FILE_NAME_INFO` with `FileNameLength` exceeding the provided buffer [1]. Return `false` from `msys_tty_on` if that happens, instead of reading beyond the end of the allocation. [1] sunfishcode/is-terminal#18
diff --git a/src/windows_term/mod.rs b/src/windows_term/mod.rs
@@ -548,10 +548,14 @@ pub fn msys_tty_on(term: &Term) -> bool {
             return false;
         }
 
-        let s = slice::from_raw_parts(
-            name_info.FileName.as_ptr(),
-            name_info.FileNameLength as usize / 2,
-        );
+        // Use `get` because `FileNameLength` can be out of range.
+        let s = match name_info
+            .FileName
+            .get(..name_info.FileNameLength as usize / 2)
+        {
+            Some(s) => s,
+            None => return false,
+        };
         let name = String::from_utf16_lossy(s);
         // This checks whether 'pty' exists in the file name, which indicates that
         // a pseudo-terminal is attached. To mitigate against false positives
