fix(terminal): handle C0 characters in OSC terminator (#30090)

When a C0 character is present in an OSC terminator (i.e. after the ESC but before a \ (0x5c) or printable character), vterm executes the control character and resets the current string fragment. If the C0 character is the final byte in the sequence, the string fragment has a zero length. However, because the VT parser is still in the "escape" state, vterm attempts to subtract 1 from the string length (to account for the escape character). When the string fragment is empty, this causes an underflow in the unsigned size variable, resulting in a buffer overflow. The fix is simple: explicitly check if the string length is non-zero before subtracting.
2025-09-07 03:48:18 +00:00 · 2024-08-19 06:43:06 -05:00
parent 33464189bc
commit 6d997f8068
3 changed files with 27 additions and 5 deletions
--- a/test/functional/terminal/parser_spec.lua
+++ b/test/functional/terminal/parser_spec.lua
@@ -0,0 +1,15 @@
+local n = require('test.functional.testnvim')()
+
+local clear = n.clear
+local api = n.api
+local assert_alive = n.assert_alive
+
+describe(':terminal', function()
+  before_each(clear)
+
+  it('handles invalid OSC terminators #30084', function()
+    local chan = api.nvim_open_term(0, {})
+    api.nvim_chan_send(chan, '\027]8;;https://example.com\027\\Example\027]8;;\027\n')
+    assert_alive()
+  end)
+end)