From f71521477076741b6d7a9dbeb365a7103c2c9ae9 Mon Sep 17 00:00:00 2001
From: Adam Saponara
Date: Thu, 6 Jan 2022 01:06:30 -0500
Subject: [PATCH] fix bug in `extract_esc_cap`. previously we were able to read past the actual end of the input buffer (`global.in.buf`). we would not segfault due to how bytebufs are implemented, but we could erroneously re-process segments of input. in practice i think this could only occur with an instantaneous burst of tty input greater than the read buffer in `wait_event` (64 bytes). i noticed this by accidentally mouse-wheeling very fast in xfce4-terminal which, in my setup, sends a bunch of up-arrow events (`\x1bOA`) all at once, in which case termbox was pseduo-randomly emitting "O" and "A" events.
---
 termbox.h | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/termbox.h b/termbox.h
index e0fb4c3..ac1dd36 100644
--- a/termbox.h
+++ b/termbox.h
@@ -1274,7 +1274,7 @@ static int init_term_attrs();
 static int init_term_caps();
 static int init_cap_trie();
 static int cap_trie_add(const char *cap, uint16_t key, uint8_t mod);
-static int cap_trie_find(const char *buf, struct cap_trie_t **last,
+static int cap_trie_find(const char *buf, size_t nbuf, struct cap_trie_t **last,
 size_t *depth);
 static int cap_trie_deinit(struct cap_trie_t *node);
 static int init_resize_handler();
@@ -1915,13 +1915,13 @@ static int cap_trie_add(const char *cap, uint16_t key, uint8_t mod) {
 return TB_OK;
 }
-static int cap_trie_find(const char *buf, struct cap_trie_t **last,
+static int cap_trie_find(const char *buf, size_t nbuf, struct cap_trie_t **last,
 size_t *depth) {
 struct cap_trie_t *next, *node = &global.cap_trie;
 size_t i, j;
 *last = node;
 *depth = 0;
- for (i = 0; buf[i] != '\0'; i++) {
+ for (i = 0; i < nbuf; i++) {
 char c = buf[i];
 next = NULL;
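Review bot: With the `buf[i] != '\0'` test gone from the loop in `cap_trie_find`, the function's contract has changed and neither the prototype nor the definition records it: `buf` no longer has to be NUL-terminated, `nbuf` is the number of valid bytes, and a NUL byte inside that range is now handed to the child lookup instead of ending the walk. A short header comment would keep a later caller from passing a buffer capacity where a length is expected, for example `/* Walk at most nbuf bytes of buf (not required to be NUL-terminated); *last is the deepest node reached, *depth the number of bytes matched. */`. The meaning of `*depth` is inferred from its initialisation here, because the loop body continues outside the hunk, so the wording should be checked against it.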
@@ -2505,7 +2505,7 @@ static int extract_esc_cap(struct tb_event *event) {
 struct cap_trie_t *node;
 size_t depth;
- if_err_return(rv, cap_trie_find(in->buf, &node, &depth));
+ if_err_return(rv, cap_trie_find(in->buf, in->len, &node, &depth));
 if (node->is_leaf) {
 // Found a leaf node
 event->type = TB_EVENT_KEY;
--
2.39.5
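Review bot: The reason the lookup in `extract_esc_cap` must be bounded by `in->len` is recorded only in the commit message, so the call deserves a why-comment such as `// bound by in->len: bytes past len may be stale input from an earlier read`, which would stop a later cleanup from reverting to a NUL-terminated scan. The body of `extract_esc_cap` continues outside the hunk, so it cannot be checked here whether a walk that stops at `in->len` on a non-leaf node is reported as an incomplete sequence rather than as no match. That is the case a burst split across two reads would hit, and a regression test that feeds more than one read buffer of `\x1bOA` would pin both behaviours.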