Message ID | 1347873003-11593-1-git-send-email-lersek@redhat.com |
---|---|
State | New |
Laszlo Ersek <lersek@redhat.com> writes:

> Signed-off-by: Laszlo Ersek <lersek@redhat.com> > --- > Build tested. > console.c | 7 +++++-- > 1 files changed, 5 insertions(+), 2 deletions(-) > > diff --git a/console.c b/console.c > index c1ed5e0..67080f4 100644 > --- a/console.c > +++ b/console.c > @@ -938,8 +938,11 @@ static void console_putchar(TextConsole *s, int ch) > case TTY_STATE_CSI: /* handle escape sequence parameters */ > if (ch >= '0' && ch <= '9') { > if (s->nb_esc_params < MAX_ESC_PARAMS) { > - s->esc_params[s->nb_esc_params] = > - s->esc_params[s->nb_esc_params] * 10 + ch - '0'; > + int *param = &s->esc_params[s->nb_esc_params]; > + int digit = (ch - '0'); > + > + *param = (*param <= (INT_MAX - digit) / 10) ? > + *param * 10 + digit : INT_MAX; > } > } else { > if (s->nb_esc_params < MAX_ESC_PARAMS)

Before this patch, silent integer overflow. Exact behavior depends on host's int type. For instance, \e[4294967296 is the same as \e[0 with 32 bit int, but with 64 bit int.

What does a real vt100 do? I don't have one anymore.

For what it's worth, both xterm and Xfce Terminal appear to saturate at some "big" number ("big" compared to the argument values that are actually useful; INT_MAX should do fine). In particular, \e[4294967296 does *not* behave like \e[0. Therefore, changing QEMU to saturate makes sense.

Reviewed-by: Markus Armbruster <armbru@redhat.com>
On Mon, Sep 17, 2012 at 11:10:03AM +0200, Laszlo Ersek wrote:
> Signed-off-by: Laszlo Ersek <lersek@redhat.com>
> ---
> Build tested.
> console.c | 7 +++++--
> 1 files changed, 5 insertions(+), 2 deletions(-)

Thanks, applied to the trivial patches tree:

https://github.com/stefanha/qemu/commits/trivial-patches

Stefan
diff --git a/console.c b/console.c index c1ed5e0..67080f4 100644 --- a/console.c +++ b/console.c @@ -938,8 +938,11 @@ static void console_putchar(TextConsole *s, int ch) case TTY_STATE_CSI: /* handle escape sequence parameters */ if (ch >= '0' && ch <= '9') { if (s->nb_esc_params < MAX_ESC_PARAMS) { - s->esc_params[s->nb_esc_params] = - s->esc_params[s->nb_esc_params] * 10 + ch - '0'; + int *param = &s->esc_params[s->nb_esc_params]; + int digit = (ch - '0'); + + *param = (*param <= (INT_MAX - digit) / 10) ? + *param * 10 + digit : INT_MAX; } } else { if (s->nb_esc_params < MAX_ESC_PARAMS)
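Review bot: the saturating assignment to *param in the TTY_STATE_CSI digit branch has no comment saying that an over-long escape parameter is clamped to INT_MAX, and the commit message carries only a Signed-off-by line and "Build tested."; a one-line comment above the assignment and a sentence in the commit message naming the overflow being avoided would record the intent. The guard *param <= (INT_MAX - digit) / 10 is exact for a non-negative *param and a digit in 0..9, so the multiplication in the true branch cannot overflow, and once the value reaches INT_MAX every further digit keeps it there. INT_MAX comes from <limits.h> and the diffstat shows no include being added, so confirm console.c already gets it directly or through a header it includes. The parentheses around (ch - '0') are redundant.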
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
---
Build tested.
console.c | 7 +++++--
1 files changed, 5 insertions(+), 2 deletions(-)