mirror of
https://github.com/neovim/neovim.git
synced 2024-12-20 03:05:11 -07:00
6d997f8068
When a C0 character is present in an OSC terminator (i.e. after the ESC but before a \ (0x5c) or printable character), vterm executes the control character and resets the current string fragment. If the C0 character is the final byte in the sequence, the string fragment has a zero length. However, because the VT parser is still in the "escape" state, vterm attempts to subtract 1 from the string length (to account for the escape character). When the string fragment is empty, this causes an underflow in the unsigned size variable, resulting in a buffer overflow. The fix is simple: explicitly check if the string length is non-zero before subtracting.
16 lines
400 B
Lua
16 lines
400 B
Lua
local n = require('test.functional.testnvim')()
|
|
|
|
local clear = n.clear
|
|
local api = n.api
|
|
local assert_alive = n.assert_alive
|
|
|
|
describe(':terminal', function()
|
|
before_each(clear)
|
|
|
|
it('handles invalid OSC terminators #30084', function()
|
|
local chan = api.nvim_open_term(0, {})
|
|
api.nvim_chan_send(chan, '\027]8;;https://example.com\027\\Example\027]8;;\027\n')
|
|
assert_alive()
|
|
end)
|
|
end)
|