1 From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
2 From: Christian Persch <chpe@gnome.org>
3 Date: Sat, 19 May 2012 17:36:09 +0000
4 Subject: emulation: Limit integer arguments to 65535
5
6 To guard against malicious sequences containing excessively big numbers,
7 limit all parsed numbers to 16 bit range. Doing this here in the parsing
8 routine is a catch-all guard; this doesn't preclude enforcing
9 more stringent limits in the handlers themselves.
10
11 https://bugzilla.gnome.org/show_bug.cgi?id=676090
12 ---
13 diff --git a/src/table.c b/src/table.c
14 index 140e8c8..85cf631 100644
15 --- a/src/table.c
16 +++ b/src/table.c
17 @@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
18 if (G_UNLIKELY (*array == NULL)) {
19 *array = g_value_array_new(1);
20 }
21 - g_value_set_long(&value, total);
22 + g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
23 g_value_array_append(*array, &value);
24 } while (i++ < arginfo->length);
25 g_value_unset(&value);
26 diff --git a/src/vteseq.c b/src/vteseq.c
27 index 457c06a..46def5b 100644
28 --- a/src/vteseq.c
29 +++ b/src/vteseq.c
30 @@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
31 GValueArray *params,
32 VteTerminalSequenceHandler handler)
33 {
34 - vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
35 + vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
36 }
37
38 static void
39 --
40 cgit v0.9.0.2
|
