[vte] [CVE-2011-2198] Limit insert-blank-characters
- From: Christian Persch <chpe src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [vte] [CVE-2011-2198] Limit insert-blank-characters
- Date: Tue, 14 Jun 2011 21:46:45 +0000 (UTC)
commit cadfb9b5a43791034f38b562bb6f58d1b4513844
Author: Christian Persch <chpe gnome org>
Date: Fri Jun 10 17:31:58 2011 +0200
[CVE-2011-2198] Limit insert-blank-characters
Bug #652124.
src/vteseq.c | 27 ++++++++++++++++++++++-----
1 files changed, 22 insertions(+), 5 deletions(-)
---
diff --git a/src/vteseq.c b/src/vteseq.c
index 83d1bc8..6273f9e 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -532,9 +532,10 @@ vte_sequence_handler_offset(VteTerminal *terminal,
/* Call another function a given number of times, or once. */
static void
-vte_sequence_handler_multiple(VteTerminal *terminal,
- GValueArray *params,
- VteTerminalSequenceHandler handler)
+vte_sequence_handler_multiple_limited(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler,
+ glong max)
{
long val = 1;
int i;
@@ -544,13 +545,29 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
value = g_value_array_get_nth(params, 0);
if (G_VALUE_HOLDS_LONG(value)) {
val = g_value_get_long(value);
- val = MAX(val, 1); /* FIXME: vttest. */
+ val = CLAMP(val, 1, max); /* FIXME: vttest. */
}
}
for (i = 0; i < val; i++)
handler (terminal, NULL);
}
+static void
+vte_sequence_handler_multiple(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler)
+{
+ vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+}
+
+static void
+vte_sequence_handler_multiple_r(VteTerminal *terminal,
+ GValueArray *params,
+ VteTerminalSequenceHandler handler)
+{
+ vte_sequence_handler_multiple_limited(terminal, params, handler,
+ terminal->column_count - terminal->pvt->screen->cursor_current.col);
+}
/* Manipulate certain terminal attributes. */
static void
@@ -1570,7 +1587,7 @@ vte_sequence_handler_ic (VteTerminal *terminal, GValueArray *params)
static void
vte_sequence_handler_IC (VteTerminal *terminal, GValueArray *params)
{
- vte_sequence_handler_multiple(terminal, params, vte_sequence_handler_ic);
+ vte_sequence_handler_multiple_r(terminal, params, vte_sequence_handler_ic);
}
/* Begin insert mode. */
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]