GitHub/neovim
1
0
Fork 0
mirror of https://github.com/neovim/neovim synced 2025-07-15 16:51:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(termkey): out-of-bounds write in array #33868

Browse Source 
Problem:
termkey crashes due to an out-of-bounds write in an array when it
received a CSI sequence with 17 or more arguments. This could be
observed on startup with certain terminal emulators like [RLogin], which
send a response to the `CSI c` query containing 17 parameters.

The termkey code has a boundary check, but its comparison operator is
incorrect.

Solution:
Correct the comparison operator to ensure proper boundary checking.

With this change, I have confirmed that the crash no longer occurs on
RLogin. https://github.com/kmiya-culti/RLogin

Fixes #24356
This commit is contained in:
gcrtnst
2025-05-06 21:20:03 +09:00
committed by GitHub
parent db2b774a16
commit 8707ec2644
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/nvim/tui/termkey/driver-csi.c
View File

@ -507,7 +507,7 @@ static TermKeyResult parse_csi(TermKey *tk, size_t introlen, size_t *csi_len,
present = 0; present = 0;
argi++; argi++;
if (argi > 16) { if (argi >= 16) {
break; break;
} }
} else if (c >= 0x20 && c <= 0x2f) { } else if (c >= 0x20 && c <= 0x2f) {