mirrors/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim.git synced 2025-10-09 19:36:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(terminal): handle C0 characters in OSC terminator (#30090)

Browse Source 
When a C0 character is present in an OSC terminator (i.e. after the ESC
but before a \ (0x5c) or printable character), vterm executes the
control character and resets the current string fragment. If the C0
character is the final byte in the sequence, the string fragment has a
zero length. However, because the VT parser is still in the "escape"
state, vterm attempts to subtract 1 from the string length (to account
for the escape character). When the string fragment is empty, this
causes an underflow in the unsigned size variable, resulting in a buffer
overflow.

The fix is simple: explicitly check if the string length is non-zero
before subtracting.
This commit is contained in:
Gregory Anders
2024-08-19 06:43:06 -05:00
committed by GitHub
parent 33464189bc
commit 6d997f8068
3 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/nvim/terminal.c
View File

@@ -271,10 +271,11 @@ static int parse_osc8(VTermStringFragment frag, int *attr)
}
static int on_osc(int command, VTermStringFragment frag, void *user)
FUNC_ATTR_NONNULL_ALL
{
Terminal *term = user;
if (frag.str == NULL) {
if (frag.str == NULL || frag.len == 0) {
return 0;
}