Author: ed Date: Tue Feb 19 21:58:23 2019 New Revision: 344309 URL: https://svnweb.freebsd.org/changeset/base/344309
Log: Place an upper bound on the number of iterations for REP. Right now it's possible to invoke the REP escape sequence with a maximum of tens of millions of iterations. In practice, there is never any need to do this. Calling it more frequently than the number of cells in the terminal hardly makes any sense. By placing a limit on it, we can prevent users from exhausting resources in inside the terminal emulator. As support for this escape sequence is not present in any of the stable branches, there is no need to MFC. Reported by: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=11255 Modified: head/sys/teken/teken_subr.h Modified: head/sys/teken/teken_subr.h ============================================================================== --- head/sys/teken/teken_subr.h Tue Feb 19 21:49:48 2019 (r344308) +++ head/sys/teken/teken_subr.h Tue Feb 19 21:58:23 2019 (r344309) @@ -1337,8 +1337,11 @@ teken_subr_vertical_position_absolute(teken_t *t, unsi static void teken_subr_repeat_last_graphic_char(teken_t *t, unsigned int rpts) { + unsigned int max_repetitions; + max_repetitions = t->t_winsize.tp_row * t->t_winsize.tp_col; + if (rpts > max_repetitions) + rpts = max_repetitions; for (; t->t_last != 0 && rpts > 0; rpts--) teken_subr_regular_character(t, t->t_last); } - _______________________________________________ svn-src-all@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/svn-src-all To unsubscribe, send any mail to "svn-src-all-unsubscr...@freebsd.org"
