patch 9.2.0297: libvterm: can improve CSI overflow code

Problem:  libvterm: can improve CSI overflow code
Solution: Handle overflow cases better (Yasuhiro Matsumoto)

closes: #19903

Signed-off-by: Yasuhiro Matsumoto <mattn.jp@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

diff --git a/src/libvterm/src/parser.c b/src/libvterm/src/parser.c
index e167e0cb1a5c12889c910e1bebda03059d920479..2ca422f4a22cda182c186188a0d86f5ce785252a 100644 (file)
--- a/src/libvterm/src/parser.c
+++ b/src/libvterm/src/parser.c
@@ -230,12 +230,16 @@ size_t vterm_input_write(VTerm *vt, const char *bytes, size_t len)
     case CSI_ARGS:
       /* Numerical value of argument */
       if(c >= '0' && c <= '9') {
-        if(vt->parser.v.csi.args[vt->parser.v.csi.argi] == CSI_ARG_MISSING)
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] = 0;
-        if(vt->parser.v.csi.args[vt->parser.v.csi.argi] < (CSI_ARG_MISSING - 9) / 10) {
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] *= 10;
-          vt->parser.v.csi.args[vt->parser.v.csi.argi] += c - '0';
-        }
+        long arg_max = CSI_ARG_MISSING - 1;
+        long *arg = &vt->parser.v.csi.args[vt->parser.v.csi.argi];
+        int digit = c - '0';
+
+        if(*arg == CSI_ARG_MISSING)
+          *arg = 0;
+        if(*arg > (arg_max - digit) / 10)
+          *arg = arg_max;
+        else
+          *arg = *arg * 10 + digit;
         break;
       }
       if(c == ':') {

diff --git a/src/testdir/test_terminal3.vim b/src/testdir/test_terminal3.vim
index cdfa1890680ac73f409a7297dc743e304c1aea4a..04c7c925e37606ee8964813d0c1775fd7716a7f6 100644 (file)
--- a/src/testdir/test_terminal3.vim
+++ b/src/testdir/test_terminal3.vim
@@ -1232,8 +1232,9 @@ endfunc
 " Test that CSI sequences with more than CSI_ARGS_MAX arguments do not crash
 func Test_terminal_csi_args_overflow()
   CheckExecutable printf
-  let buf = term_start([&shell, &shellcmdflag,
-        \ 'printf "\033[' . repeat('1;', 49) . '1m"'])
+  let seq = "\033[" .. repeat('1;', 49) .. '1m'
+  let seq ..= "\033[1111111111111111111m"
+  let buf = term_start([&shell, &shellcmdflag, 'printf "' .. seq .. '"'])
 
   " If we get here without a crash, the fix works
   call assert_equal('running', term_getstatus(buf))

diff --git a/src/version.c b/src/version.c
index 49445781ee007b933b37de492d4b6b725bb4b1cd..abd3f91c0f8fc338dad1c2f38d20b2aed8c0669d 100644 (file)
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    297,
 /**/
     296,
 /**/