patch 9.2.0297: libvterm: can improve CSI overflow code
Commit:
https://github.com/vim/vim/commit/77e7a40af2cab8c0f89a33553af42428b20af233
Author: Yasuhiro Matsumoto <[email protected]>
Date: Sat Apr 4 09:04:34 2026 +0000
patch 9.2.0297: libvterm: can improve CSI overflow code
Problem: libvterm: can improve CSI overflow code
Solution: Handle overflow cases better (Yasuhiro Matsumoto)
closes: #19903
Signed-off-by: Yasuhiro Matsumoto <[email protected]>
Signed-off-by: Christian Brabandt <[email protected]>
diff --git a/src/libvterm/src/parser.c b/src/libvterm/src/parser.c
index e167e0cb1..2ca422f4a 100644
--- a/src/libvterm/src/parser.c
+++ b/src/libvterm/src/parser.c
@@ -230,12 +230,16 @@ size_t vterm_input_write(VTerm *vt, const char *bytes,
size_t len)
case CSI_ARGS:
/* Numerical value of argument */
if(c >= '0' && c <= '9') {
- if(vt->parser.v.csi.args[vt->parser.v.csi.argi] == CSI_ARG_MISSING)
- vt->parser.v.csi.args[vt->parser.v.csi.argi] = 0;
- if(vt->parser.v.csi.args[vt->parser.v.csi.argi] < (CSI_ARG_MISSING -
9) / 10) {
- vt->parser.v.csi.args[vt->parser.v.csi.argi] *= 10;
- vt->parser.v.csi.args[vt->parser.v.csi.argi] += c - '0';
- }
+ long arg_max = CSI_ARG_MISSING - 1;
+ long *arg = &vt->parser.v.csi.args[vt->parser.v.csi.argi];
+ int digit = c - '0';
+
+ if(*arg == CSI_ARG_MISSING)
+ *arg = 0;
+ if(*arg > (arg_max - digit) / 10)
+ *arg = arg_max;
+ else
+ *arg = *arg * 10 + digit;
break;
}
if(c == ':') {
diff --git a/src/testdir/test_terminal3.vim b/src/testdir/test_terminal3.vim
index cdfa18906..04c7c925e 100644
--- a/src/testdir/test_terminal3.vim
+++ b/src/testdir/test_terminal3.vim
@@ -1232,8 +1232,9 @@ endfunc
" Test that CSI sequences with more than CSI_ARGS_MAX arguments do not crash
func Test_terminal_csi_args_overflow()
CheckExecutable printf
- let buf = term_start([&shell, &shellcmdflag,
- \ 'printf " [' . repeat('1;', 49) . '1m"'])
+ let seq = " [" .. repeat('1;', 49) .. '1m'
+ let seq ..= " [1111111111111111111m"
+ let buf = term_start([&shell, &shellcmdflag, 'printf "' .. seq .. '"'])
" If we get here without a crash, the fix works
call assert_equal('running', term_getstatus(buf))
diff --git a/src/version.c b/src/version.c
index 49445781e..abd3f91c0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 297,
/**/
296,
/**/
--
--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups
"vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion visit
https://groups.google.com/d/msgid/vim_dev/E1w8x5r-003Tes-Vr%40256bit.org.
