To: vim_dev@googlegroups.com
Subject: Patch 8.2.1030
Fcc: outbox
From: Bram Moolenaar
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
------------
Patch 8.2.1030
Problem: Reducing size of a terminal window may cause a crash.
Solution: Make sure the row and column don't become negative. (closes #6273)
Files: src/libvterm/src/state.c, src/libvterm/src/screen.c
*** ../vim-8.2.1029/src/libvterm/src/state.c 2020-06-19 17:20:38.505781931 +0200
--- src/libvterm/src/state.c 2020-06-21 17:51:24.178929272 +0200
***************
*** 17,27 ****
{
VTermGlyphInfo info;
- if (pos.row >= state->rows)
- {
- DEBUG_LOG2("libvterm: putglyph() pos.row %d out of range (rows = %d)\n", pos.row, state.rows);
- return;
- }
info.chars = chars;
info.width = width;
info.protected_cell = state->protected_cell;
--- 17,22 ----
***************
*** 289,299 ****
VTermPos oldpos = state->pos;
- if (state->pos.row >= state->rows)
- {
- DEBUG_LOG2("libvterm: on_text() pos.row %d out of range (rows = %d)\n", state->pos.row, state->rows);
- return 0;
- }
// We'll have at most len codepoints, plus one from a previous incomplete
// sequence.
codepoints = vterm_allocator_malloc(state->vt, (len + 1) * sizeof(uint32_t));
--- 284,289 ----
***************
*** 1856,1863 ****
--- 1846,1857 ----
if(state->pos.row >= rows) state->pos.row = rows - 1;
+ if(state->pos.row < 0)
+ state->pos.row = 0;
if(state->pos.col >= cols) state->pos.col = cols - 1;
+ if(state->pos.col < 0)
+ state->pos.col = 0;
updatecursor(state, &oldpos, 1);
*** ../vim-8.2.1029/src/libvterm/src/screen.c 2020-06-16 20:58:03.441240175 +0200
--- src/libvterm/src/screen.c 2020-06-21 17:53:39.782569301 +0200
***************
*** 646,651 ****
--- 646,657 ----
newinfo->doubleheight != oldinfo->doubleheight) {
for(col = 0; col < screen->cols; col++) {
ScreenCell *cell = getcell(screen, row, col);
+ if (cell == NULL)
+ {
+ DEBUG_LOG2("libvterm: setlineinfo() position invalid: %d / %d",
+ row, col);
+ return 1;
+ }
cell->pen.dwl = newinfo->doublewidth;
cell->pen.dhl = newinfo->doubleheight;
}
***************
*** 773,778 ****
--- 779,790 ----
ScreenCell *cell = getcell(screen, row, col);
int i;
+ if (cell == NULL)
+ {
+ DEBUG_LOG2("libvterm: _get_chars() position invalid: %d / %d",
+ row, col);
+ return 1;
+ }
if(cell->chars[0] == 0) // Erased cell, might need a space padding++;
*** ../vim-8.2.1029/src/version.c 2020-06-21 16:58:09.747688156 +0200
--- src/version.c 2020-06-21 17:56:50.746060050 +0200
***************
*** 756,757 ****
--- 756,759 ----
{ /* Add new patch number below this line */
+ /**/
+ 1030,
/**/
-- Arthur pulls Pin out. The MONK blesses the grenade as ... ARTHUR: (quietly) One, two, five ... GALAHAD: Three, sir! ARTHUR: Three. "Monty Python and the Holy Grail" PYTHON (MONTY) PICTURES LTD
/// Bram Moolenaar -- Bram@Moolenaar.net -- http://www.Moolenaar.net \\\
/// sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\ an exciting new programming language -- http://www.Zimbu.org ///
\\\ help me help AIDS victims -- http://ICCF-Holland.org ///
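Review bot: The new lower clamps `if(state->pos.row < 0) state->pos.row = 0;` and the matching `pos.col` lines in the third state.c hunk still leave the cursor out of range when `rows` or `cols` is 0, because position 0 is not below a size of 0. Whether a zero size can reach this code is not visible in the hunk, so either reject it earlier or state the assumption with a comment such as `// rows and cols are at least 1 here, so position 0 is always valid`. This matters more now that the same patch deletes the `pos.row >= state->rows` guards in putglyph() and on_text(), which leaves this clamp and the NULL checks in screen.c as the only range protection visible in the patch. The enclosing function starts and ends outside the hunk.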
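Review bot: The added `return 1;` in the setlineinfo() hunk of screen.c leaves the function from inside the column loop with what is presumably the same value a completed update returns, so the caller cannot tell that the line info was not applied; confirm that 1 is the intended result for an invalid position. Since `row` is not modified by the visible loop, its validity could also be tested once before the loop instead of per cell. The new message lacks the trailing newline that the DEBUG_LOG2 calls removed from state.c had; `"libvterm: setlineinfo() position invalid: %d / %d\n"` would keep debug output at one entry per line, and the same applies to the _get_chars() message in the following hunk. The function begins and ends outside the hunk.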
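Review bot: Returning 1 from the new NULL branch in the _get_chars() hunk looks wrong if the function returns the number of characters stored, as its name and the `padding++` bookkeeping suggest: the caller would be told that one element was written although this path stores nothing. A caller trusting that count could then read an output slot this call never initialised. Consider `return 0;` here, or returning the count accumulated so far, once the return contract is confirmed against the part of the function that lies outside this hunk.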