changeset 33301:1bc6f0899715 v9.0.1916

patch 9.0.1916: Crash when allocating large terminal screen Commit: https://github.com/vim/vim/commit/aa64ba1587d36de558f47519fa47c27e86c6e49a Author: Christian Brabandt <cb@256bit.org> Date: Tue Sep 19 21:05:20 2023 +0200 patch 9.0.1916: Crash when allocating large terminal screen Problem: Crash when allocating large terminal screen Solution: Don't allow values > 1000 for terminal screen columns and rows closes: #13126 Signed-off-by: Christian Brabandt <cb@256bit.org>
author Christian Brabandt <cb@256bit.org>
date Tue, 19 Sep 2023 21:30:03 +0200
parents b73d6daab5a7
children e93c5a23154b
files runtime/doc/visual.txt src/libvterm/src/screen.c src/terminal.c src/testdir/test_terminal2.vim src/version.c
diffstat 5 files changed, 40 insertions(+), 1 deletions(-) [+]
--- a/runtime/doc/visual.txt
+++ b/runtime/doc/visual.txt
@@ -183,7 +183,7 @@ If you want to highlight exactly the sam
 CTRL-C			In Visual mode: Stop Visual mode.  When insert mode is
 			pending (the mode message shows
 			"-- (insert) VISUAL --"), it is also stopped.
-			On MS-Windows, you may need to press CTRL-Break 
+			On MS-Windows, you may need to press CTRL-Break
 			|dos-CTRL-Break|.
 
 ==============================================================================
--- a/src/libvterm/src/screen.c
+++ b/src/libvterm/src/screen.c
@@ -776,9 +776,15 @@ static int resize(int new_rows, int new_
     if(screen->sb_buffer)
       vterm_allocator_free(screen->vt, screen->sb_buffer);
 
+    if (new_cols > 1000)
+      new_cols = 1000;
+
     screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols);
   }
 
+  if (new_rows > 1000)
+    new_rows = 1000;
+
   resize_buffer(screen, 0, new_rows, new_cols, !altscreen_active, fields);
   if(screen->buffers[BUFIDX_ALTSCREEN])
     resize_buffer(screen, 1, new_rows, new_cols, altscreen_active, fields);
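Review bot: The `new_cols` clamp sits inside the conditional block that reallocates `sb_buffer` (closed by the `}` just below it), so when that block is skipped `new_cols` reaches both `resize_buffer()` calls unclamped, while `new_rows` is always clamped. Whether that path is reachable with an oversized value depends on the block's condition, which is above the hunk. Placing both checks together ahead of the block, `if (new_cols > 1000) new_cols = 1000;` next to the `new_rows` one, would make the bound unconditional. The clamps only bound the upper side, and the result of `vterm_allocator_malloc()` is stored in `screen->sb_buffer` without a NULL check in the visible lines. The literal `1000` is repeated here and in src/terminal.c, so a shared named constant would keep the limits in step. resize() starts and ends outside this hunk.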
--- a/src/terminal.c
+++ b/src/terminal.c
@@ -272,6 +272,10 @@ parse_termwinsize(win_T *wp, int *rows, 
     }
     *rows = atoi((char *)wp->w_p_tws);
     *cols = atoi((char *)p + 1);
+    if (*rows > 1000)
+	*rows = 1000;
+    if (*cols > 1000)
+	*cols = 1000;
     return minsize;
 }
 
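Review bot: The new upper-bound checks run after `atoi()`, whose behaviour is undefined when the digits do not fit in an `int`, so a very long number can yield a negative or wrapped value that passes `> 1000` unchanged. Whether the 'termwinsize' option setter already rejects such strings is not visible in this hunk. Converting with `long r = strtol((char *)wp->w_p_tws, NULL, 10);` and narrowing only after the range check, `*rows = r < 0 ? 0 : r > 1000 ? 1000 : (int)r;`, would make the bound hold for every input, and the same applies to `*cols`. parse_termwinsize() begins above the hunk.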
--- a/src/testdir/test_terminal2.vim
+++ b/src/testdir/test_terminal2.vim
@@ -64,6 +64,14 @@ func Test_terminal_termwinsize_option_ze
   call StopShellInTerminal(buf)
   exe buf . 'bwipe'
 
+  " This used to crash Vim
+  set termwinsize=10000*10000
+  let buf = Run_shell_in_terminal({})
+  let win = bufwinid(buf)
+  call assert_equal([1000, 1000], term_getsize(buf))
+  call StopShellInTerminal(buf)
+  exe buf . 'bwipe'
+
   set termwinsize=
 endfunc
 
@@ -271,6 +279,25 @@ func Test_terminal_resize()
   set statusline&
 endfunc
 
+func Test_terminal_resize2()
+  CheckNotMSWindows
+  set statusline=x
+  terminal
+  call assert_equal(2, winnr('$'))
+  let buf = bufnr()
+
+  " Wait for the shell to display a prompt
+  call WaitForAssert({-> assert_notequal('', term_getline(buf, 1))})
+
+  " This used to crash Vim
+  call feedkeys("printf '\033[8;99999;99999t'\<CR>", 'xt')
+  redraw
+
+  call feedkeys("exit\<CR>", 'xt')
+  call TermWait(buf)
+  set statusline&
+endfunc
+
 " must be nearly the last, we can't go back from GUI to terminal
 func Test_zz1_terminal_in_gui()
   CheckCanRunGui
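Review bot: Test_terminal_resize2 asserts nothing after the oversized resize sequence is sent, so it passes whenever Vim survives and would not notice if the clamp were later removed on a machine where the large allocation happens to succeed. If the resulting size is deterministic in the test environment, a check after `redraw` such as `call assert_true(term_getsize(buf)[0] <= 1000 && term_getsize(buf)[1] <= 1000)` would pin the bound itself. The test also does not wipe the terminal buffer after `exit`, whereas the block added to the termwinsize test above ends with `exe buf . 'bwipe'`.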
--- a/src/version.c
+++ b/src/version.c
@@ -700,6 +700,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1916,
+/**/
     1915,
 /**/
     1914,