CVS commit: [netbsd-9] xsrc/external/mit/xterm/dist

[Martin Husemann]

Module Name:    xsrc
Committed By:   martin
Date:           Thu Feb  3 14:19:04 UTC 2022

Modified Files:
        xsrc/external/mit/xterm/dist [netbsd-9]: graphics_sixel.c

Log Message:
Pull up following revision(s) (requested by mrg in ticket #1425):

        xsrc/external/mit/xterm/dist/graphics_sixel.c: revision 1.2 (patch)

apply upstream fix for CVE-2022-24130.


To generate a diff of this commit:
cvs rdiff -u -r1.1.1.3.4.1 -r1.1.1.3.4.2 \
    xsrc/external/mit/xterm/dist/graphics_sixel.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: xsrc/external/mit/xterm/dist/graphics_sixel.c
diff -u xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.4.1 xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.4.2
--- xsrc/external/mit/xterm/dist/graphics_sixel.c:1.1.1.3.4.1	Wed Feb 17 09:44:59 2021
+++ xsrc/external/mit/xterm/dist/graphics_sixel.c	Thu Feb  3 14:19:04 2022
@@ -1,8 +1,8 @@
 /* $XTermId: graphics_sixel.c,v 1.28 2020/08/06 20:32:33 Ben.Wong Exp $ */
 
 /*
- * Copyright 2014-2016,2020 by Ross Combs
- * Copyright 2014-2016,2020 by Thomas E. Dickey
+ * Copyright 2014-2021,2022 by Ross Combs
+ * Copyright 2014-2021,2022 by Thomas E. Dickey
  *
  *                         All Rights Reserved
  *
@@ -149,7 +149,7 @@ init_sixel_background(Graphic *graphic, 
     graphic->color_registers_used[context->background] = 1;
 }
 
-static void
+static Boolean
 set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
 {
     const int mh = graphic->max_height;
@@ -170,7 +170,10 @@ set_sixel(Graphic *graphic, SixelContext
 	   ((color != COLOR_HOLE)
 	    ? (unsigned) graphic->color_registers[color].b : 0U)));
     for (pix = 0; pix < 6; pix++) {
-	if (context->col < mw && context->row + pix < mh) {
+	if (context->col >= 0 &&
+	    context->col < mw &&
+	    context->row + pix >= 0 &&
+	    context->row + pix < mh) {
 	    if (sixel & (1 << pix)) {
 		if (context->col + 1 > graphic->actual_width) {
 		    graphic->actual_width = context->col + 1;
@@ -183,8 +186,10 @@ set_sixel(Graphic *graphic, SixelContext
 	    }
 	} else {
 	    TRACE(("sixel pixel %d out of bounds\n", pix));
+	    return False;
 	}
     }
+    return True;
 }
 
 static void
@@ -462,8 +467,12 @@ parse_sixel(XtermWidget xw, ANSI *params
 		init_sixel_background(graphic, &context);
 		graphic->valid = 1;
 	    }
-	    if (sixel)
-		set_sixel(graphic, &context, sixel);
+	    if (sixel) {
+		if (!set_sixel(graphic, &context, sixel)) {
+		    context.col = 0;
+		    break;
+		}
+	    }
 	    context.col++;
 	} else if (ch == '$') {	/* DECGCR */
 	    /* ignore DECCRNLM in sixel mode */
@@ -531,8 +540,12 @@ parse_sixel(XtermWidget xw, ANSI *params
 	    if (sixel) {
 		int i;
 		for (i = 0; i < Pcount; i++) {
-		    set_sixel(graphic, &context, sixel);
-		    context.col++;
+		    if (set_sixel(graphic, &context, sixel)) {
+			context.col++;
+		    } else {
+			context.col = 0;
+			break;
+		    }
 		}
 	    } else {
 		context.col += Pcount;