changeset 20957:2f2bc98a8dfb v8.2.1030

patch 8.2.1030: reducing size of a terminal window may cause a crash Commit: https://github.com/vim/vim/commit/da58134eedf43ae4b9013c93ecbdf55e4da4b8a3 Author: Bram Moolenaar <Bram@vim.org> Date: Sun Jun 21 17:57:32 2020 +0200 patch 8.2.1030: reducing size of a terminal window may cause a crash Problem: Reducing size of a terminal window may cause a crash. Solution: Make sure the row and column don't become negative. (closes https://github.com/vim/vim/issues/6273)
author Bram Moolenaar <Bram@vim.org>
date Sun, 21 Jun 2020 18:00:04 +0200
parents be36cdf5d8a0
children 4cfc5977d0fd
files src/libvterm/src/screen.c src/libvterm/src/state.c src/version.c
diffstat 3 files changed, 18 insertions(+), 10 deletions(-) [+]
line wrap: on
line diff
--- a/src/libvterm/src/screen.c
+++ b/src/libvterm/src/screen.c
@@ -646,6 +646,12 @@ static int setlineinfo(int row, const VT
      newinfo->doubleheight != oldinfo->doubleheight) {
     for(col = 0; col < screen->cols; col++) {
       ScreenCell *cell = getcell(screen, row, col);
+      if (cell == NULL)
+      {
+        DEBUG_LOG2("libvterm: setlineinfo() position invalid: %d / %d",
+								     row, col);
+	return 1;
+      }
       cell->pen.dwl = newinfo->doublewidth;
       cell->pen.dhl = newinfo->doubleheight;
     }
@@ -773,6 +779,12 @@ static size_t _get_chars(const VTermScre
       ScreenCell *cell = getcell(screen, row, col);
       int i;
 
+      if (cell == NULL)
+      {
+        DEBUG_LOG2("libvterm: _get_chars() position invalid: %d / %d",
+								     row, col);
+	return 1;
+      }
       if(cell->chars[0] == 0)
         // Erased cell, might need a space
         padding++;
--- a/src/libvterm/src/state.c
+++ b/src/libvterm/src/state.c
@@ -17,11 +17,6 @@ static void putglyph(VTermState *state, 
 {
   VTermGlyphInfo info;
 
-  if (pos.row >= state->rows)
-  {
-    DEBUG_LOG2("libvterm: putglyph() pos.row %d out of range (rows = %d)\n", pos.row, state.rows);
-    return;
-  }
   info.chars = chars;
   info.width = width;
   info.protected_cell = state->protected_cell;
@@ -289,11 +284,6 @@ static int on_text(const char bytes[], s
 
   VTermPos oldpos = state->pos;
 
-  if (state->pos.row >= state->rows)
-  {
-    DEBUG_LOG2("libvterm: on_text() pos.row %d out of range (rows = %d)\n", state->pos.row, state->rows);
-    return 0;
-  }
   // We'll have at most len codepoints, plus one from a previous incomplete
   // sequence.
   codepoints = vterm_allocator_malloc(state->vt, (len + 1) * sizeof(uint32_t));
@@ -1856,8 +1846,12 @@ static int on_resize(int rows, int cols,
 
   if(state->pos.row >= rows)
     state->pos.row = rows - 1;
+  if(state->pos.row < 0)
+    state->pos.row = 0;
   if(state->pos.col >= cols)
     state->pos.col = cols - 1;
+  if(state->pos.col < 0)
+    state->pos.col = 0;
 
   updatecursor(state, &oldpos, 1);
 
--- a/src/version.c
+++ b/src/version.c
@@ -755,6 +755,8 @@ static char *(features[]) =
 static int included_patches[] =
 {   /* Add new patch number below this line */
 /**/
+    1030,
+/**/
     1029,
 /**/
     1028,