csi: clamp color index for ‘CSI 38/48 ; 5 ; idx m’ sequences

Indexed color values are stored in the cell attributes as color
indices (into the 256-color table). However, the index from the CSI
was not validated in any way, meaning you can do something like this:

  echo -e ‘\e[38:5:1024m CRASH \e[m’

and foot will crash on an out-of-bounds access.

Fix by clamping the color index.

Closes #1111

CHANGELOG.md

@@ -82,10 +82,14 @@
   support the offered mime-types ([#1092][1092]).
 * Keyboard enter/leave events being ignored if there is no keymap
   ([#1097][1097]).
+* Crash when application emitted an invalid `CSI 38;5;<idx>m`, `CSI
+  38:5:<idx>m`, `CSI 48;5;<idx>m` or `CSI 48:5:<idx>m` sequence
+  ([#1111][1111]).
 
 [1055]: https://codeberg.org/dnkl/foot/issues/1055
 [1092]: https://codeberg.org/dnkl/foot/issues/1092
 [1097]: https://codeberg.org/dnkl/foot/issues/1097
+[1111]: https://codeberg.org/dnkl/foot/issues/1111
 
 
 ### Security

csi.c

@@ -128,7 +128,8 @@ csi_sgr(struct terminal *term)
                 term->vt.params.v[i + 1].value == 5)
             {
                 src = COLOR_BASE256;
-                color = term->vt.params.v[i + 2].value;
+                color = min(term->vt.params.v[i + 2].value,
+                            ALEN(term->colors.table) - 1);
                 i += 2;
             }
 
@@ -149,7 +150,8 @@ csi_sgr(struct terminal *term)
                      term->vt.params.v[i].sub.value[0] == 5)
             {
                 src = COLOR_BASE256;
-                color = term->vt.params.v[i].sub.value[1];
+                color = min(term->vt.params.v[i].sub.value[1],
+                            ALEN(term->colors.table) - 1);
             }
 
             /*