From ab6ffd1344d1d19f4c7275fcb3c1429a11881381 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Ekl=C3=B6f?= Date: Thu, 14 May 2026 12:41:58 +0200 Subject: [PATCH] osc: kitty notifications: increase query reply buffer size When we initially implemented the kitty notification protocol, 128 bytes was enough. Since then, the protocol has grown, and 128 bytes is no longer enough, resulting in a crash when you try to query the protocol: printf "\e]99;i=123:p=?;\e\\" Results in #0 0x7fe4fad3dcde in __sanitizer_print_stack_trace (/usr/lib/libasan.so.8+0x13dcde) (BuildId: 38f5643355445a477f07ffa9b6a83a55c87415a0) #1 0x561ec61454e8 in print_stack_trace ../../debug.c:20 #2 0x561ec6145550 in fatal_error ../../debug.c:28 #3 0x561ec61462d0 in xvsnprintf ../../xsnprintf.c:42 #4 0x561ec614640a in xsnprintf ../../xsnprintf.c:52 #5 0x561ec6131fe6 in kitty_notification ../../osc.c:765 #6 0x561ec6139fec in osc_dispatch ../../osc.c:1511 #7 0x561ec60fcac8 in action_osc_end ../../vt.c:614 #8 0x561ec60fe6bb in state_osc_string_switch ../../vt.c:924 #9 0x561ec60ff437 in vt_from_slave ../../vt.c:1115 #10 0x561ec6078748 in fdm_ptmx ../../terminal.c:297 #11 0x561ec5ee6ed0 in fdm_poll ../../fdm.c:483 #12 0x561ec5f344d3 in main ../../main.c:676 #13 0x7fe4f9e2777d (/usr/lib/libc.so.6+0x2777d) (BuildId: 674f3ebbcb651fbc7d1189cb300acfd7d007849a) #14 0x7fe4f9e278bb in __libc_start_main (/usr/lib/libc.so.6+0x278bb) (BuildId: 674f3ebbcb651fbc7d1189cb300acfd7d007849a) #15 0x561ec5e77a14 in _start (/home/daniel/src/foot/bld/debug/foot+0x4b8a14) (BuildId: 9fca511350f3745edd3546ff800a763c1957e673) Closes #2335 --- CHANGELOG.md | 3 +++ osc.c | 3 +-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a7cb54b2..7a69d1c4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -102,10 +102,13 @@ event reporting ([#2316][2316]). * Keypad escapes in the legacy keyboard protocol ignoring the shift modifier ([#2324][2324]). +* Crash when querying the kitty notification protocol (OSC-99, with + `p=?`) ([#2335][2335]). [2307]: https://codeberg.org/dnkl/foot/issues/2307 [2316]: https://codeberg.org/dnkl/foot/issues/2316 [2324]: https://codeberg.org/dnkl/foot/issues/2324 +[2335]: https://codeberg.org/dnkl/foot/issues/2335 ### Security diff --git a/osc.c b/osc.c index 82793fb5..95af5bff 100644 --- a/osc.c +++ b/osc.c @@ -761,13 +761,12 @@ kitty_notification(struct terminal *term, char *string) const char *terminator = term->vt.osc.bel ? "\a" : "\033\\"; - char reply[128]; + char reply[512]; size_t n = xsnprintf( reply, sizeof(reply), "\033]99;i=%s:p=?;p=%s:a=%s:o=%s:u=%s:c=1:w=1:s=system,silent,error,warn,warning,info,question%s", reply_id, p_caps, a_caps, when_caps, u_caps, terminator); - xassert(n < sizeof(reply)); term_to_slave(term, reply, n); goto out; }
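Review bot: The `xsnprintf()` call into `char reply[512];` still aborts the terminal whenever the formatted reply does not fit, because the stack trace in the commit message shows `xvsnprintf` ending in `fatal_error`; the larger buffer covers today's capability strings but leaves the abort reachable from bytes written to the pty. How `reply_id` and the `*_caps` strings are built is outside this hunk (the body of `kitty_notification` starts and ends outside it), so this part is inferred: if `reply_id` echoes the application-supplied `i=` value without a length cap, output from any program or file shown in the terminal can still trigger the crash. Consider treating truncation as a dropped reply, e.g. `int n = snprintf(reply, sizeof(reply), ...); if (n < 0 || (size_t)n >= sizeof(reply)) goto out;`, or bounding the id length where it is parsed. A short comment beside `char reply[512];` naming the variable-length fields and their maximum sizes would help the next protocol extension avoid repeating this.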