#105 fix CVE-2022-24130

Autumn Lamonte 2022-02-01 15:39:57 -06:00
parent f2706377d5
commit 43eabfbf2e


@ -349,7 +349,15 @@ public class SixelDecoder {
} }
int rgb = color.getRGB(); int rgb = color.getRGB();
int rep = (repeatCount == -1 ? 1 : repeatCount); // As per jerch who has read STD 070 much more than I have, the
// repeat counter may not exceed 2^15 - 1; and a value of 0 means 1
// pixel wide. CVE-2022-24130 shows how to exceed memory / crash if
// this value is not checked.
int rep = Math.min(Math.max(1, (repeatCount == -1 ? 1 : repeatCount)),
32767);
// Also clamp to the maximum allowed image width, like foot terminal
// does.
rep = Math.min(rep, MAX_WIDTH);
if (DEBUG) { if (DEBUG) {
System.err.println("addSixel() rep " + rep + " char " + System.err.println("addSixel() rep " + rep + " char " +