mirrors/foot
1
0
Fork 0
mirror of https://codeberg.org/dnkl/foot.git synced 2026-03-24 09:05:48 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

csi: clamp color index for ‘CSI 38/48 ; 5 ; idx m’ sequences

Browse source 
Indexed color values are stored in the cell attributes as color
indices (into the 256-color table). However, the index from the CSI
was not validated in any way, meaning you can do something like this:

  echo -e ‘\e[38:5:1024m CRASH \e[m’

and foot will crash on an out-of-bounds access.

Fix by clamping the color index.

Closes #1111
This commit is contained in:
Daniel Eklöf 2022-07-22 10:44:33 +02:00
parent 0c60bb3f29
commit 87e4004960
No known key found for this signature in database
GPG key ID: 5BBD4992C116573F
2 changed files with 8 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

6
csi.c
View file

@ -128,7 +128,8 @@ csi_sgr(struct terminal *term)
term->vt.params.v[i + 1].value == 5)
{
src = COLOR_BASE256;
color = term->vt.params.v[i + 2].value;
color = min(term->vt.params.v[i + 2].value,
ALEN(term->colors.table) - 1);
i += 2;
}
@ -149,7 +150,8 @@ csi_sgr(struct terminal *term)
term->vt.params.v[i].sub.value[0] == 5)
{
src = COLOR_BASE256;
color = term->vt.params.v[i].sub.value[1];
color = min(term->vt.params.v[i].sub.value[1],
ALEN(term->colors.table) - 1);
}
/*