summary |
log |
commit |
diff |
tree
raw |
patch |
inline | side by side (from parent 1:
16ac85b)
Current CSI parsing code uses strtol to parse arguments and allows them
to be negative. Negative argument is not properly handled in tdeletechar
and tinsertblank and results in memory corruption in memmove.
Reproduce with printf '\e[-500@'
Patch also removes special handling for corner case and simplifies
the code.
Removed
term.dirty[term.c.y] = 1
because tclearregion sets dirty flag.
void
tdeletechar(int n) {
void
tdeletechar(int n) {
- int src = term.c.x + n;
- int dst = term.c.x;
- int size = term.col - src;
- term.dirty[term.c.y] = 1;
+ LIMIT(n, 0, term.col - term.c.x);
- if(src >= term.col) {
- tclearregion(term.c.x, term.c.y, term.col-1, term.c.y);
- return;
- }
+ dst = term.c.x;
+ src = term.c.x + n;
+ size = term.col - src;
memmove(&term.line[term.c.y][dst], &term.line[term.c.y][src],
memmove(&term.line[term.c.y][dst], &term.line[term.c.y][src],
tclearregion(term.col-n, term.c.y, term.col-1, term.c.y);
}
void
tinsertblank(int n) {
tclearregion(term.col-n, term.c.y, term.col-1, term.c.y);
}
void
tinsertblank(int n) {
- int src = term.c.x;
- int dst = src + n;
- int size = term.col - dst;
- term.dirty[term.c.y] = 1;
+ LIMIT(n, 0, term.col - term.c.x);
- if(dst >= term.col) {
- tclearregion(term.c.x, term.c.y, term.col-1, term.c.y);
- return;
- }
+ dst = term.c.x + n;
+ src = term.c.x;
+ size = term.col - dst;
memmove(&term.line[term.c.y][dst], &term.line[term.c.y][src],
memmove(&term.line[term.c.y][dst], &term.line[term.c.y][src],
tclearregion(src, term.c.y, dst - 1, term.c.y);
}
tclearregion(src, term.c.y, dst - 1, term.c.y);
}