[xsrc-public/trunk]: xsrc-public/external/mit/xterm/dist apply upstream fix f...

To: source-changes-hg%NetBSD.org@localhost
Subject: [xsrc-public/trunk]: xsrc-public/external/mit/xterm/dist apply upstream fix f...
From: mrg <mrg%NetBSD.org@localhost>
Date: Thu, 03 Feb 2022 02:16:52 +0000

details:   https://anonhg.NetBSD.org/xsrc-public/rev/bcfa5929b81b
branches:  trunk
changeset: 6950:bcfa5929b81b
user:      mrg <mrg%NetBSD.org@localhost>
date:      Thu Feb 03 01:59:24 2022 +0000

description:
apply upstream fix for CVE-2022-24130.

diffstat:

 external/mit/xterm/dist/graphics_sixel.c |  31 ++++++++++++++++++++++---------
 1 files changed, 22 insertions(+), 9 deletions(-)

diffs (77 lines):

diff -r f67ed2eeb77b -r bcfa5929b81b external/mit/xterm/dist/graphics_sixel.c
--- a/external/mit/xterm/dist/graphics_sixel.c  Fri Jan 14 19:42:56 2022 +0000
+++ b/external/mit/xterm/dist/graphics_sixel.c  Thu Feb 03 01:59:24 2022 +0000
@@ -1,8 +1,8 @@
-/* $XTermId: graphics_sixel.c,v 1.29 2021/08/10 00:39:26 tom Exp $ */
+/* $XTermId: graphics_sixel.c,v 1.31 2022/01/31 08:53:42 tom Exp $ */
 
 /*
- * Copyright 2014-2020,2021 by Ross Combs
- * Copyright 2014-2020,2021 by Thomas E. Dickey
+ * Copyright 2014-2021,2022 by Ross Combs
+ * Copyright 2014-2021,2022 by Thomas E. Dickey
  *
  *                         All Rights Reserved
  *
@@ -149,7 +149,7 @@
     graphic->color_registers_used[context->background] = 1;
 }
 
-static void
+static Boolean
 set_sixel(Graphic *graphic, SixelContext const *context, int sixel)
 {
     const int mh = graphic->max_height;
@@ -170,7 +170,10 @@
           ((color != COLOR_HOLE)
            ? (unsigned) graphic->color_registers[color].b : 0U)));
     for (pix = 0; pix < 6; pix++) {
-       if (context->col < mw && context->row + pix < mh) {
+       if (context->col >= 0 &&
+           context->col < mw &&
+           context->row + pix >= 0 &&
+           context->row + pix < mh) {
            if (sixel & (1 << pix)) {
                if (context->col + 1 > graphic->actual_width) {
                    graphic->actual_width = context->col + 1;
@@ -183,8 +186,10 @@
            }
        } else {
            TRACE(("sixel pixel %d out of bounds\n", pix));
+           return False;
        }
     }
+    return True;
 }
 
 static void
@@ -462,8 +467,12 @@
                init_sixel_background(graphic, &context);
                graphic->valid = 1;
            }
-           if (sixel)
-               set_sixel(graphic, &context, sixel);
+           if (sixel) {
+               if (!set_sixel(graphic, &context, sixel)) {
+                   context.col = 0;
+                   break;
+               }
+           }
            context.col++;
        } else if (ch == '$') { /* DECGCR */
            /* ignore DECCRNLM in sixel mode */
@@ -531,8 +540,12 @@
            if (sixel) {
                int i;
                for (i = 0; i < Pcount; i++) {
-                   set_sixel(graphic, &context, sixel);
-                   context.col++;
+                   if (set_sixel(graphic, &context, sixel)) {
+                       context.col++;
+                   } else {
+                       context.col = 0;
+                       break;
+                   }
                }
            } else {
                context.col += Pcount;

Prev by Date: [src/trunk]: src/sys/dev/ic Fix misplaced comma.
Next by Date: [src/trunk]: src/sys/fs/udf Revere modification of initializer; it can lead t...
Previous by Thread: [src/trunk]: src/sys/dev/ic Fix misplaced comma.
Next by Thread: [src/trunk]: src/sys/fs/udf Revere modification of initializer; it can lead t...
Indexes:

Home | Main Index | Thread Index | Old Index