Hi Nic, Nicholas Marriott wrote on Thu, Apr 28, 2016 at 01:11:44PM +0100:
> tmux is not some sort of terminal firewall. Of course we try to avoid > anything obviously stupid, but we also want stuff that works outside > tmux to also work inside. [...] > Assuming a width of 1 where we can't get a width from the system > is not a big step and I do not think it poses any more of a > security risk than just running the application without tmux. Oh. That does look like a valid argument that i missed. Note, though, that most terminals display nothing at all when being fed a non-printable character (except that, of course, there are various control characters that change terminal state and can have extensive effects on how subsequent text will be printed). So i'm not quite convinced the value 1 is better than the value 0. Then again, i don't worry that much which value you use, i mostly worried about treating non-printables as printable at all. > tmux is /not/ getting the width with wcwidth() for some sort of > protective sanity check, it is getting it so it can keep its own state > correct. If we can't get the width, using the best guess of what the > terminal outside will do is fair and will fix more problems than it > causes. In that case, it might make sense to add a comment explaining that non-printable characters are intentionally passed through, because doing so is no more dangerous than not using tmux(1) in the first place. Given that failing to check the wcwidth(3) return value against -1, or mishandling that case in some way, is a very common and usually dangerous error, such a comment can help to avoid serious confusion of code auditors, like the one you witnessed on my part. Saying "hope for the best", as you do now, rings all the alarms instead. Yours, Ingo
