From aa64ba1587d36de558f47519fa47c27e86c6e49a Mon Sep 17 00:00:00 2001 From: Christian Brabandt Date: Tue, 19 Sep 2023 21:05:20 +0200 Subject: patch 9.0.1916: Crash when allocating large terminal screen Problem: Crash when allocating large terminal screen Solution: Don't allow values > 1000 for terminal screen columns and rows closes: #13126 Signed-off-by: Christian Brabandt --- runtime/doc/visual.txt | 2 +- src/libvterm/src/screen.c | 6 ++++++ src/terminal.c | 4 ++++ src/testdir/test_terminal2.vim | 27 +++++++++++++++++++++++++++ src/version.c | 2 ++ 5 files changed, 40 insertions(+), 1 deletion(-) diff --git a/runtime/doc/visual.txt b/runtime/doc/visual.txt index 616e773fe3..a91969e41e 100644 --- a/runtime/doc/visual.txt +++ b/runtime/doc/visual.txt @@ -183,7 +183,7 @@ If you want to highlight exactly the same area as the last time, you can use CTRL-C In Visual mode: Stop Visual mode. When insert mode is pending (the mode message shows "-- (insert) VISUAL --"), it is also stopped. - On MS-Windows, you may need to press CTRL-Break + On MS-Windows, you may need to press CTRL-Break |dos-CTRL-Break|. ============================================================================== diff --git a/src/libvterm/src/screen.c b/src/libvterm/src/screen.c index 53564be16b..7b3322b639 100644 --- a/src/libvterm/src/screen.c +++ b/src/libvterm/src/screen.c @@ -776,9 +776,15 @@ static int resize(int new_rows, int new_cols, VTermStateFields *fields, void *us if(screen->sb_buffer) vterm_allocator_free(screen->vt, screen->sb_buffer); + if (new_cols > 1000) + new_cols = 1000; + screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols); } + if (new_rows > 1000) + new_rows = 1000; + resize_buffer(screen, 0, new_rows, new_cols, !altscreen_active, fields); if(screen->buffers[BUFIDX_ALTSCREEN]) resize_buffer(screen, 1, new_rows, new_cols, altscreen_active, fields); diff --git a/src/terminal.c b/src/terminal.c index cb889ae19a..991f05652b 100644 
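Review bot: The `new_cols` clamp in `resize()` sits inside the branch that reallocates `sb_buffer` (the closing `}` follows it), while `new_rows` is clamped unconditionally, so whether `new_cols` is bounded before the two `resize_buffer()` calls depends on a condition that starts outside this hunk. Placing `if (new_cols > 1000) new_cols = 1000;` next to the `new_rows` check at the top of the function would make the bound independent of that branch. A lower bound is worth adding as well, because `sizeof(VTermScreenCell) * new_cols` turns a negative `int` into a very large size, and the result of `vterm_allocator_malloc()` is stored in `screen->sb_buffer` without a NULL check as far as the hunk shows. The clamp changes only this callback's local copies, so the layer that requested the size may still hold the larger values; that should be confirmed against the caller, which is not visible here.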
--- a/src/terminal.c +++ b/src/terminal.c @@ -272,6 +272,10 @@ parse_termwinsize(win_T *wp, int *rows, int *cols) } *rows = atoi((char *)wp->w_p_tws); *cols = atoi((char *)p + 1); + if (*rows > 1000) + *rows = 1000; + if (*cols > 1000) + *cols = 1000; return minsize; } diff --git a/src/testdir/test_terminal2.vim b/src/testdir/test_terminal2.vim index 8615bf55ad..6ce531ed45 100644 --- a/src/testdir/test_terminal2.vim +++ b/src/testdir/test_terminal2.vim @@ -64,6 +64,14 @@ func Test_terminal_termwinsize_option_zero() call StopShellInTerminal(buf) exe buf . 'bwipe' + " This used to crash Vim + set termwinsize=10000*10000 + let buf = Run_shell_in_terminal({}) + let win = bufwinid(buf) + call assert_equal([1000, 1000], term_getsize(buf)) + call StopShellInTerminal(buf) + exe buf . 'bwipe' + set termwinsize= endfunc @@ -271,6 +279,25 @@ func Test_terminal_resize() set statusline& endfunc +func Test_terminal_resize2() + CheckNotMSWindows + set statusline=x + terminal + call assert_equal(2, winnr('$')) + let buf = bufnr() + + " Wait for the shell to display a prompt + call WaitForAssert({-> assert_notequal('', term_getline(buf, 1))}) + + " This used to crash Vim + call feedkeys("printf '\033[8;99999;99999t'\", 'xt') + redraw + + call feedkeys("exit\", 'xt') + call TermWait(buf) + set statusline& +endfunc + " must be nearly the last, we can't go back from GUI to terminal func Test_zz1_terminal_in_gui() CheckCanRunGui diff --git a/src/version.c b/src/version.c index 03cb97fd05..110a840397 100644 --- a/src/version.c +++ b/src/version.c @@ -699,6 +699,8 @@ static char *(features[]) = static int included_patches[] = { /* Add new patch number below this line */ +/**/ + 1916, /**/ 1915, /**/ -- cgit v1.2.3
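Review bot: The clamp added to `parse_termwinsize()` bounds only the upper side and runs after `atoi()`, whose behaviour is undefined when the digits do not fit in an `int`, so an oversized option value can arrive here as anything, including a negative number that passes `*rows > 1000`. Parsing with `strtol()` and clamping on both sides would close that, e.g. `long r = strtol((char *)wp->w_p_tws, NULL, 10);` followed by `*rows = r < 0 ? 0 : r > 1000 ? 1000 : (int)r;`, and the same for `*cols`. The literal 1000 now appears here and twice in `src/libvterm/src/screen.c`; one shared named constant would keep the limits from drifting apart. The function starts outside the hunk, so any earlier validation of the option string is not visible.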
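Review bot: `Test_terminal_resize2` checks only that Vim survives the `\033[8;99999;99999t` request and asserts nothing about the size afterwards, so a regression that drops the clamp but happens not to crash on the test machine would still pass. An assertion after the `redraw`, such as `call assert_true(term_getsize(buf)[0] <= 1000 && term_getsize(buf)[1] <= 1000)`, would pin the new limit, provided the reported size reflects the clamp in `screen.c`. In the `Test_terminal_termwinsize_option_zero` hunk, `let win = bufwinid(buf)` is assigned but not used in the added lines and can be dropped.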