patch 9.0.1916: Crash when allocating large terminal screen
Problem: Crash when allocating large terminal screen
Solution: Don't allow values > 1000 for terminal
screen columns and rows
closes: #13126
Signed-off-by: Christian Brabandt <cb@256bit.org>
diff --git a/src/libvterm/src/screen.c b/src/libvterm/src/screen.c
index 53564be..7b3322b 100644
--- a/src/libvterm/src/screen.c
+++ b/src/libvterm/src/screen.c
@@ -776,9 +776,15 @@
if(screen->sb_buffer)
vterm_allocator_free(screen->vt, screen->sb_buffer);
+ if (new_cols > 1000)
+ new_cols = 1000;
+
screen->sb_buffer = vterm_allocator_malloc(screen->vt, sizeof(VTermScreenCell) * new_cols);
}
+ if (new_rows > 1000)
+ new_rows = 1000;
+
resize_buffer(screen, 0, new_rows, new_cols, !altscreen_active, fields);
if(screen->buffers[BUFIDX_ALTSCREEN])
resize_buffer(screen, 1, new_rows, new_cols, altscreen_active, fields);
diff --git a/src/terminal.c b/src/terminal.c
index cb889ae..991f056 100644
--- a/src/terminal.c
+++ b/src/terminal.c
@@ -272,6 +272,10 @@
}
*rows = atoi((char *)wp->w_p_tws);
*cols = atoi((char *)p + 1);
+ if (*rows > 1000)
+ *rows = 1000;
+ if (*cols > 1000)
+ *cols = 1000;
return minsize;
}
diff --git a/src/testdir/test_terminal2.vim b/src/testdir/test_terminal2.vim
index 8615bf5..6ce531e 100644
--- a/src/testdir/test_terminal2.vim
+++ b/src/testdir/test_terminal2.vim
@@ -64,6 +64,14 @@
call StopShellInTerminal(buf)
exe buf . 'bwipe'
+ " This used to crash Vim
+ set termwinsize=10000*10000
+ let buf = Run_shell_in_terminal({})
+ let win = bufwinid(buf)
+ call assert_equal([1000, 1000], term_getsize(buf))
+ call StopShellInTerminal(buf)
+ exe buf . 'bwipe'
+
set termwinsize=
endfunc
@@ -271,6 +279,25 @@
set statusline&
endfunc
+func Test_terminal_resize2()
+ CheckNotMSWindows
+ set statusline=x
+ terminal
+ call assert_equal(2, winnr('$'))
+ let buf = bufnr()
+
+ " Wait for the shell to display a prompt
+ call WaitForAssert({-> assert_notequal('', term_getline(buf, 1))})
+
+ " This used to crash Vim
+ call feedkeys("printf '\033[8;99999;99999t'\<CR>", 'xt')
+ redraw
+
+ call feedkeys("exit\<CR>", 'xt')
+ call TermWait(buf)
+ set statusline&
+endfunc
+
" must be nearly the last, we can't go back from GUI to terminal
func Test_zz1_terminal_in_gui()
CheckCanRunGui
diff --git a/src/version.c b/src/version.c
index 03cb97f..110a840 100644
--- a/src/version.c
+++ b/src/version.c
@@ -700,6 +700,8 @@
static int included_patches[] =
{ /* Add new patch number below this line */
/**/
+ 1916,
+/**/
1915,
/**/
1914,