# HG changeset patch # User Christian Brabandt # Date 1695151803 -7200 # Node ID 1bc6f08997153149cbdfb8a6928da45b54831635 # Parent b73d6daab5a7a5fead854899200412a4556ee097 patch 9.0.1916: Crash when allocating large terminal screen Commit: https://github.com/vim/vim/commit/aa64ba1587d36de558f47519fa47c27e86c6e49a Author: Christian Brabandt Date: Tue Sep 19 21:05:20 2023 +0200 patch 9.0.1916: Crash when allocating large terminal screen Problem: Crash when allocating large terminal screen Solution: Don't allow values > 1000 for terminal screen columns and rows closes: #13126 Signed-off-by: Christian Brabandt diff --git a/runtime/doc/visual.txt b/runtime/doc/visual.txt --- a/runtime/doc/visual.txt +++ b/runtime/doc/visual.txt @@ -183,7 +183,7 @@ If you want to highlight exactly the sam CTRL-C In Visual mode: Stop Visual mode. When insert mode is pending (the mode message shows "-- (insert) VISUAL --"), it is also stopped. - On MS-Windows, you may need to press CTRL-Break + On MS-Windows, you may need to press CTRL-Break |dos-CTRL-Break|. ============================================================================== diff --git a/src/libvterm/src/screen.c b/src/libvterm/src/screen.c --- a/src/libvterm/src/screen.c +++ b/src/libvterm/src/screen.c @@ -776,9 +776,15 @@ static int resize(int new_rows, int new_ if(screen->sb_buffer) vterm_allocator_free(screen->vt, screen->sb_buffer); + if (new_cols > 1000) + new_cols = 1000; + screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols); } + if (new_rows > 1000) + new_rows = 1000; + resize_buffer(screen, 0, new_rows, new_cols, !altscreen_active, fields); if(screen->buffers[BUFIDX_ALTSCREEN]) resize_buffer(screen, 1, new_rows, new_cols, altscreen_active, fields); diff --git a/src/terminal.c b/src/terminal.c --- a/src/terminal.c +++ b/src/terminal.c @@ -272,6 +272,10 @@ parse_termwinsize(win_T *wp, int *rows, } *rows = atoi((char *)wp->w_p_tws); *cols = atoi((char *)p + 1); + if (*rows > 1000) + *rows = 1000; + if (*cols > 1000) + *cols = 1000; return minsize; } diff --git a/src/testdir/test_terminal2.vim b/src/testdir/test_terminal2.vim --- a/src/testdir/test_terminal2.vim +++ b/src/testdir/test_terminal2.vim @@ -64,6 +64,14 @@ func Test_terminal_termwinsize_option_ze call StopShellInTerminal(buf) exe buf . 'bwipe' + " This used to crash Vim + set termwinsize=10000*10000 + let buf = Run_shell_in_terminal({}) + let win = bufwinid(buf) + call assert_equal([1000, 1000], term_getsize(buf)) + call StopShellInTerminal(buf) + exe buf . 'bwipe' + set termwinsize= endfunc @@ -271,6 +279,25 @@ func Test_terminal_resize() set statusline& endfunc +func Test_terminal_resize2() + CheckNotMSWindows + set statusline=x + terminal + call assert_equal(2, winnr('$')) + let buf = bufnr() + + " Wait for the shell to display a prompt + call WaitForAssert({-> assert_notequal('', term_getline(buf, 1))}) + + " This used to crash Vim + call feedkeys("printf '\033[8;99999;99999t'\", 'xt') + redraw + + call feedkeys("exit\", 'xt') + call TermWait(buf) + set statusline& +endfunc + " must be nearly the last, we can't go back from GUI to terminal func Test_zz1_terminal_in_gui() CheckCanRunGui diff --git a/src/version.c b/src/version.c --- a/src/version.c +++ b/src/version.c @@ -700,6 +700,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ /**/ + 1916, +/**/ 1915, /**/ 1914,