diff --git a/kitty/parser.c b/kitty/parser.c index 8714ee015..560cf2b3b 100644 --- a/kitty/parser.c +++ b/kitty/parser.c @@ -15,7 +15,7 @@ static unsigned long pow10[] = { 1, 10, 100, 1000, 10000, 100000, 1000000, 10000000, 100000000, 1000000000, 10000000000 }; -static inline uint32_t +static inline unsigned long utoi(uint32_t *buf, unsigned int sz) { unsigned long ans = 0; uint32_t *p = buf; @@ -558,6 +558,7 @@ parse_graphics_code(Screen *screen, PyObject UNUSED *dump_callback) { enum KEYS key = 'a'; static GraphicsCommand g; unsigned int i, code; + unsigned long lcode; bool is_negative; memset(&g, 0, sizeof(g)); static uint8_t payload[4096]; @@ -606,7 +607,9 @@ parse_graphics_code(Screen *screen, PyObject UNUSED *dump_callback) { if (screen->parser_buf[i] < '0' || screen->parser_buf[i] > '9') break; \ } \ if (i == pos) { REPORT_ERROR("Malformed graphics control block, expecting an integer value"); return; } \ - code = utoi(screen->parser_buf + pos, i - pos); pos = i; + lcode = utoi(screen->parser_buf + pos, i - pos); pos = i; \ + if (lcode > UINT32_MAX) { REPORT_ERROR("id is too large"); return; } \ + code = lcode; case INT: is_negative = false; diff --git a/kitty_tests/parser.py b/kitty_tests/parser.py index cf820cec2..2f93e0733 100644 --- a/kitty_tests/parser.py +++ b/kitty_tests/parser.py @@ -220,7 +220,7 @@ class TestParser(BaseTest): pb = partial(self.parse_bytes_dump, s) uint32_max = 2**32 - 1 t('i=%d' % uint32_max, id=uint32_max) - t('i=%d' % (uint32_max + 1), id=0) + e('i=%d' % (uint32_max + 1), 'id is too large') pb('\033_Gi=12\033\\', c(id=12)) t('a=t,t=d,s=100,z=-9', payload='X', action='t', transmission_type='d', data_width=100, z_index=-9, payload_sz=1) t('a=t,t=d,s=100,z=9', payload='payload', action='t', transmission_type='d', data_width=100, z_index=9, payload_sz=7)
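Review bot: `unsigned long` is only guaranteed to be 32 bits wide, so on ILP32 or LLP64 targets the widened return type of utoi cannot hold anything above UINT32_MAX, and the `lcode > UINT32_MAX` test added in parse_graphics_code can never be true there; an oversized value would presumably still wrap silently on those builds. The same applies to the `unsigned long lcode;` declaration in the second hunk and to the `pow10` table, whose last entry 10000000000 does not fit in 32 bits. A fixed-width type makes the check hold on every target: `static inline uint64_t`, `uint64_t ans = 0;` and `uint64_t lcode;`, with `pow10` declared as `static const uint64_t pow10[]`. The body of utoi continues outside the hunk, so confirm the accumulation there uses the wider type too.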
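Review bot: The new error text says "id is too large", but the check sits in what looks like the shared unsigned-integer branch of the key parser (the signed `case INT:` follows directly), so an oversized value for any other unsigned key would also be reported as an id problem. A key-neutral message such as `REPORT_ERROR("Malformed graphics control block, integer value too large")` keeps the log accurate for whoever triages malformed escape sequences; the expectation in kitty_tests/parser.py would change with it. The narrowing assignment could also be made explicit, `code = (unsigned int)lcode;`, so the intent is visible after the range check. The macro this belongs to starts outside the hunk.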
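Review bot: The only rejection case pinned here is uint32_max + 1, a ten-digit value, so digit runs longer than the largest `pow10` entry are not covered. utoi's body is not visible in this commit; if it caps the digit count or returns early for long inputs, such a value may still parse as a small id instead of raising the error. Adding `e('i=%d' % 10**20, 'id is too large')` next to the existing line would confirm the behaviour for long inputs.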