neovim

kevin/neovim

Fork 0

mirror of https://github.com/neovim/neovim.git synced 2025-01-01 17:23:36 -07:00

Commit Graph

Author	SHA1	Message	Date
Gregory Anders	6d997f8068	fix(terminal): handle C0 characters in OSC terminator (#30090 ) When a C0 character is present in an OSC terminator (i.e. after the ESC but before a \ (0x5c) or printable character), vterm executes the control character and resets the current string fragment. If the C0 character is the final byte in the sequence, the string fragment has a zero length. However, because the VT parser is still in the "escape" state, vterm attempts to subtract 1 from the string length (to account for the escape character). When the string fragment is empty, this causes an underflow in the unsigned size variable, resulting in a buffer overflow. The fix is simple: explicitly check if the string length is non-zero before subtracting.	2024-08-19 06:43:06 -05:00

Author

SHA1

Message

Date

Gregory Anders

6d997f8068

fix(terminal): handle C0 characters in OSC terminator (#30090 )

When a C0 character is present in an OSC terminator (i.e. after the ESC
but before a \ (0x5c) or printable character), vterm executes the
control character and resets the current string fragment. If the C0
character is the final byte in the sequence, the string fragment has a
zero length. However, because the VT parser is still in the "escape"
state, vterm attempts to subtract 1 from the string length (to account
for the escape character). When the string fragment is empty, this
causes an underflow in the unsigned size variable, resulting in a buffer
overflow.

The fix is simple: explicitly check if the string length is non-zero
before subtracting.

2024-08-19 06:43:06 -05:00

1 Commits