2 Commits

Author SHA1 Message Date
b28bbee539 fix(terminal): skip setting string_initial to false on no-op (#34176)
Problem:

Currently undefined behavior can occur when `string_fragment()` is
called with `OSC_COMMAND`. This is because when the state changes to
`OSC_COMMAND`, `string_initial` is set to true. Then in some cases,
directly after this `string_initial` will be set back to false before
the on_osc callback is called, this leads to `term_settermprop()` never
initializing the title.

Solution:

In all of the no-op cases in `string_fragment()` currently, we continue
to the end of the function where `vt->parser.string_initial` is set to
false. This change returns in the no-op cases instead since in these
cases the string has not yet been terminated and sent to the callback.

Note:

This change also adds a test with a byte sequence from the file
in #34028 that caused nvim to crash. This byte sequences is the shortest
sequence I could trim down from that file that still would trigger the
crash. There are also two other tests I added which validate that
setting the title with OSC-0 and OSC-2 still works.

Fixes: #34028
2025-05-29 13:29:16 -05:00
6d997f8068 fix(terminal): handle C0 characters in OSC terminator (#30090)
When a C0 character is present in an OSC terminator (i.e. after the ESC
but before a \ (0x5c) or printable character), vterm executes the
control character and resets the current string fragment. If the C0
character is the final byte in the sequence, the string fragment has a
zero length. However, because the VT parser is still in the "escape"
state, vterm attempts to subtract 1 from the string length (to account
for the escape character). When the string fragment is empty, this
causes an underflow in the unsigned size variable, resulting in a buffer
overflow.

The fix is simple: explicitly check if the string length is non-zero
before subtracting.
2024-08-19 06:43:06 -05:00