mirror of
https://github.com/neovim/neovim.git
synced 2024-12-29 14:41:06 -07:00
6d997f8068
When a C0 character is present in an OSC terminator (i.e. after the ESC but before a \ (0x5c) or printable character), vterm executes the control character and resets the current string fragment. If the C0 character is the final byte in the sequence, the string fragment has a zero length. However, because the VT parser is still in the "escape" state, vterm attempts to subtract 1 from the string length (to account for the escape character). When the string fragment is empty, this causes an underflow in the unsigned size variable, resulting in a buffer overflow. The fix is simple: explicitly check if the string length is non-zero before subtracting. |
||
|---|---|---|
| .. | ||
| api | ||
| autocmd | ||
| core | ||
| editor | ||
| ex_cmds | ||
| fixtures | ||
| legacy | ||
| lua | ||
| options | ||
| plugin | ||
| provider | ||
| script | ||
| shada | ||
| terminal | ||
| treesitter | ||
| ui | ||
| vimscript | ||
| example_spec.lua | ||
| preload.lua | ||
| testnvim.lua | ||