From 92187d2e4e1980b31ff2aa174d7f917d0945e175 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= Date: Fri, 22 May 2026 11:18:15 +0200 Subject: [PATCH] sixel: clamp max width/height in 'CSI ? 2 ; 3 ; W ; H S' This ensures the user cannot raise the maximum sixel size, where width*height cannot be represented as an integer. Note, we should consider moving all sixel width/height variables from int to size_t. But, since it doesn't make any sense with overly large sixel images, clamping the max width/height is enough. Add a static_assert() that checks SIXEL_MAX_WIDTH * SIXEL_MAX_HEIGHT doesn't overflow. Closes #2343 --- CHANGELOG.md | 3 +++ sixel.c | 8 +++++--- sixel.h | 8 ++++++-- 3 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 464f096f..ee6a979d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -82,10 +82,13 @@ * DECCRA not clamping or verifying the destination rectangle ([#2352][2352]). * Empty selection clearing the clipboard ([#2327][2327]). +* Sixel image max size not clamped, causing foot to crash on very + large sixel images ([#2343][2343]). [2353]: https://codeberg.org/dnkl/foot/issues/2353 [2352]: https://codeberg.org/dnkl/foot/issues/2352 [2327]: https://codeberg.org/dnkl/foot/issues/2327 +[2343]: https://codeberg.org/dnkl/foot/issues/2343 ### Security diff --git a/sixel.c b/sixel.c index 187f1348..1db6336d 100644 --- a/sixel.c +++ b/sixel.c @@ -2207,9 +2207,11 @@ sixel_geometry_reset(struct terminal *term) void sixel_geometry_set(struct terminal *term, unsigned width, unsigned height) { - LOG_DBG("sixel geometry set to %ux%u", width, height); - term->sixel.max_width = width; - term->sixel.max_height = height; + const unsigned new_width = min(width, SIXEL_MAX_WIDTH); + const unsigned new_height = min(height, SIXEL_MAX_HEIGHT); + LOG_DBG("sixel geometry set to %ux%u", new_width, new_height); + term->sixel.max_width = new_width; + term->sixel.max_height = new_height; sixel_geometry_report_current(term); } diff --git a/sixel.h b/sixel.h index ab8a5050..5c18da1c 100644 --- a/sixel.h +++ b/sixel.h @@ -2,10 +2,14 @@ #include "terminal.h" -#define SIXEL_MAX_COLORS 1024u -#define SIXEL_MAX_WIDTH 10000u +#define SIXEL_MAX_COLORS 1024u +#define SIXEL_MAX_WIDTH 10000u #define SIXEL_MAX_HEIGHT 10000u +static_assert(SIXEL_MAX_WIDTH * SIXEL_MAX_HEIGHT == + (size_t)SIXEL_MAX_WIDTH * SIXEL_MAX_HEIGHT, + "sixel max size triggers integer overflow"); + typedef void (*sixel_put)(struct terminal *term, uint8_t c); void sixel_fini(struct terminal *term);