authorzeertzjq <zeertzjq@outlook.com>2023-01-05 00:25:25 +0800
committerGitHub <noreply@github.com>2023-01-05 00:25:25 +0800
commit89232b8b4890824f93121483626af582f13758fe (patch)
tree837047b9041df8840b6bdeef9db0449404cd1551 /src
parent1bd6e4469bb84bb49b342c10d9aa14ffd5f01187 (diff)
fix(tui): make a copy of data->params before unibi_format() (#21643)
Problem: When unibi_format() modifies params and data->buf overflows, unibi_format() is called again, causing the params to be modified twice. This can happen for escape sequences that use the %i terminfo format specifier (e.g. cursor_address), which makes unibi_format() increase the param by 1. Solution: Make a copy of data->params before calling unibi_format().
Diffstat (limited to 'src')
-rw-r--r--src/nvim/tui/tui.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/nvim/tui/tui.c b/src/nvim/tui/tui.c
index 3205547324..066567a87f 100644
--- a/src/nvim/tui/tui.c
+++ b/src/nvim/tui/tui.c
@@ -1635,11 +1635,13 @@ static void unibi_goto(UI *ui, int row, int col)
} \
if (str) { \
unibi_var_t vars[26 + 26]; \
+ unibi_var_t params[9]; \
size_t orig_pos = data->bufpos; \
memset(&vars, 0, sizeof(vars)); \
data->cork = true; \
retry: \
- unibi_format(vars, vars + 26, str, data->params, out, ui, pad, ui); \
+ memcpy(params, data->params, sizeof(params)); \
+ unibi_format(vars, vars + 26, str, params, out, ui, pad, ui); \
if (data->overflow) { \
data->bufpos = orig_pos; \
flush_buf(ui); \
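Review bot: The new copy fixes its size with a bare literal: `unibi_var_t params[9]` sets the length locally and `memcpy(params, data->params, sizeof(params))` then reads that many bytes from data->params, whose declaration is not visible in this hunk. If the two sizes ever drift apart, the memcpy either reads past the end of data->params or leaves trailing parameters uncopied, and nothing would flag it at compile time. Assuming data->params is an array member, tie them together with `_Static_assert(sizeof(params) == sizeof(data->params), "params copy must match data->params");` next to the declaration. A short comment above the memcpy, e.g. `/* fresh copy on every retry: unibi_format() may modify params (%i) */`, would also explain why the copy sits after the `retry:` label rather than before it. The enclosing macro body starts and ends outside the hunk.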