[vte: 3/3] Bug 616497 - 256 color sequence lacks boundary checking

From: Behdad Esfahbod <behdad src gnome org>
To: commits-list gnome org
Cc:
Subject: [vte: 3/3] Bug 616497 - 256 color sequence lacks boundary checking
Date: Thu, 29 Apr 2010 20:39:05 +0000 (UTC)

commit 81375a2f4aec7b55d8c3337a316fdeda166b701f
Author: Behdad Esfahbod <behdad behdad org>
Date:   Thu Apr 29 16:38:36 2010 -0400

    Bug 616497 - 256 color sequence lacks boundary checking

 src/vteseq.c |   28 ++++++++++++++++------------
 1 files changed, 16 insertions(+), 12 deletions(-)
---
diff --git a/src/vteseq.c b/src/vteseq.c
index a99ed47..0accae5 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -2326,17 +2326,19 @@ vte_sequence_handler_character_attributes (VteTerminal *terminal, GValueArray *p
 			break;
 		case 38:
 		{
-			GValue *value1;
-			long param1;
 			/* The format looks like: ^[[38;5;COLORNUMBERm,
 			   so look for COLORNUMBER here. */
 			if ((i + 2) < params->n_values){
-				value1 = g_value_array_get_nth(params, i + 2);
-				if (!G_VALUE_HOLDS_LONG(value1)) {
+				GValue *value1, *value2;
+				long param1, param2;
+				value1 = g_value_array_get_nth(params, i + 1);
+				value2 = g_value_array_get_nth(params, i + 2);
+				if (G_UNLIKELY (!(G_VALUE_HOLDS_LONG(value1) && G_VALUE_HOLDS_LONG(value2))))
 					break;
-				}
 				param1 = g_value_get_long(value1);
-				terminal->pvt->screen->defaults.attr.fore = param1;
+				param2 = g_value_get_long(value2);
+				if (G_LIKELY (param1 == 5 && param2 >= 0 && param2 < 256))
+					terminal->pvt->screen->defaults.attr.fore = param2;
 				i += 2;
 			}
 			break;
@@ -2360,17 +2362,19 @@ vte_sequence_handler_character_attributes (VteTerminal *terminal, GValueArray *p
 			break;
 		case 48:
 		{
-			GValue *value1;
-			long param1;
 			/* The format looks like: ^[[48;5;COLORNUMBERm,
 			   so look for COLORNUMBER here. */
 			if ((i + 2) < params->n_values){
-				value1 = g_value_array_get_nth(params, i + 2);
-				if (!G_VALUE_HOLDS_LONG(value1)) {
+				GValue *value1, *value2;
+				long param1, param2;
+				value1 = g_value_array_get_nth(params, i + 1);
+				value2 = g_value_array_get_nth(params, i + 2);
+				if (G_UNLIKELY (!(G_VALUE_HOLDS_LONG(value1) && G_VALUE_HOLDS_LONG(value2))))
 					break;
-				}
 				param1 = g_value_get_long(value1);
-				terminal->pvt->screen->defaults.attr.back = param1;
+				param2 = g_value_get_long(value2);
+				if (G_LIKELY (param1 == 5 && param2 >= 0 && param2 < 256))
+					terminal->pvt->screen->defaults.attr.back = param2;
 				i += 2;
 			}
 			break;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]