Place an upper bound on the number of iterations for REP.
Right now it's possible to invoke the REP escape sequence with a maximum of tens of millions of iterations. In practice, there is never any need to do this. Calling it more frequently than the number of cells in the terminal hardly makes any sense. By placing a limit on it, we can prevent users from exhausting resources in inside the terminal emulator. As support for this escape sequence is not present in any of the stable branches, there is no need to MFC. Reported by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11255
This commit is contained in:
parent
7c27c925f4
commit
e06f6f7311
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=344309
@ -1337,8 +1337,11 @@ teken_subr_vertical_position_absolute(teken_t *t, unsigned int row)
|
||||
static void
|
||||
teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts)
|
||||
{
|
||||
unsigned int max_repetitions;
|
||||
|
||||
max_repetitions = t->t_winsize.tp_row * t->t_winsize.tp_col;
|
||||
if (rpts > max_repetitions)
|
||||
rpts = max_repetitions;
|
||||
for (; t->t_last != 0 && rpts > 0; rpts--)
|
||||
teken_subr_regular_character(t, t->t_last);
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user