patch 9.2.0297: libvterm: can improve CSI overflow code
Commit:
https://github.com/vim/vim/commit/77e7a40af2cab8c0f89a33553af42428b20af233
Author: Yasuhiro Matsumoto <
matt...@gmail.com>
Date: Sat Apr 4 09:04:34 2026 +0000
patch 9.2.0297: libvterm: can improve CSI overflow code
Problem: libvterm: can improve CSI overflow code
Solution: Handle overflow cases better (Yasuhiro Matsumoto)
closes: #19903
Signed-off-by: Yasuhiro Matsumoto <
matt...@gmail.com>
Signed-off-by: Christian Brabandt <
c...@256bit.org>
diff --git a/src/libvterm/src/parser.c b/src/libvterm/src/parser.c
index e167e0cb1..2ca422f4a 100644
--- a/src/libvterm/src/parser.c
+++ b/src/libvterm/src/parser.c
@@ -230,12 +230,16 @@ size_t vterm_input_write(VTerm *vt, const char *bytes, size_t len)
case CSI_ARGS:
/* Numerical value of argument */
if(c >= '0' && c <= '9') {
- if(vt->parser.v.csi.args[vt->parser.v.csi.argi] == CSI_ARG_MISSING)
- vt->parser.v.csi.args[vt->parser.v.csi.argi] = 0;
- if(vt->parser.v.csi.args[vt->parser.v.csi.argi] < (CSI_ARG_MISSING - 9) / 10) {
- vt->parser.v.csi.args[vt->parser.v.csi.argi] *= 10;
- vt->parser.v.csi.args[vt->parser.v.csi.argi] += c - '0';
- }
+ long arg_max = CSI_ARG_MISSING - 1;
+ long *arg = &vt->parser.v.csi.args[vt->parser.v.csi.argi];
+ int digit = c - '0';
+
+ if(*arg == CSI_ARG_MISSING)
+ *arg = 0;
+ if(*arg > (arg_max - digit) / 10)
+ *arg = arg_max;
+ else
+ *arg = *arg * 10 + digit;
break;
}
if(c == ':') {
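Review bot: The new clamp at `if(*arg > (arg_max - digit) / 10)` has no comment explaining why the ceiling is `CSI_ARG_MISSING - 1`, presumably so that a saturated argument can never compare equal to the missing-argument sentinel. I would add above the declarations: `/* Saturate at CSI_ARG_MISSING - 1: an oversized argument must not wrap and must not read as "missing" */`. The arithmetic itself looks sound: the guard ensures `*arg * 10 + digit` never exceeds `arg_max`, and once saturated the value stays there for any further digits. Because an oversized parameter now arrives as the maximum value rather than as a partially accumulated one, it is worth confirming that the CSI handlers consuming `args[]` (outside this hunk) bound counts before adding them to row or column positions held in narrower integer types. `vterm_input_write` starts and ends outside the hunk.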
diff --git a/src/testdir/test_terminal3.vim b/src/testdir/test_terminal3.vim
index cdfa18906..04c7c925e 100644
--- a/src/testdir/test_terminal3.vim
+++ b/src/testdir/test_terminal3.vim
@@ -1232,8 +1232,9 @@ endfunc
" Test that CSI sequences with more than CSI_ARGS_MAX arguments do not crash
func Test_terminal_csi_args_overflow()
CheckExecutable printf
- let buf = term_start([&shell, &shellcmdflag,
- \ 'printf " [' . repeat('1;', 49) . '1m"'])
+ let seq = " [" .. repeat('1;', 49) .. '1m'
+ let seq ..= " [1111111111111111111m"
+ let buf = term_start([&shell, &shellcmdflag, 'printf "' .. seq .. '"'])
" If we get here without a crash, the fix works
call assert_equal('running', term_getstatus(buf))
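Review bot: The comment above `Test_terminal_csi_args_overflow()` still describes only the "more than CSI_ARGS_MAX arguments" case, while the added `let seq ..= ...` line also sends a single 19-digit argument to reach the new saturation branch in the parser. I would extend the comment with `" and that a CSI argument with too many digits is clamped instead of overflowing`. The only assertion visible here is `assert_equal('running', term_getstatus(buf))`, so the test shows the absence of a crash but never observes the clamped value. Any memory-safety or overflow regression in this path would surface only in a sanitizer-enabled run. The function body continues past the end of the hunk.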
diff --git a/src/version.c b/src/version.c
index 49445781e..abd3f91c0 100644
--- a/src/version.c
+++ b/src/version.c
@@ -734,6 +734,8 @@ static char *(features[]) =
static int included_patches[] =
{ /* Add new patch number below this line */
+/**/
+ 297,
/**/
296,
/**/