[pve-devel] [PATCH] fix bound checking on cursor move

Dominik Csapak d.csapak at proxmox.com
Fri May 5 14:18:36 CEST 2017


changing most of the vt struct fields to unsigned, to avoid undefined
behaviour and use gotoxy for moving the cursor to correctly bound check
the cursor position

Signed-off-by: Dominik Csapak <d.csapak at proxmox.com>
---
 spiceterm.c | 20 ++++----------------
 spiceterm.h | 14 +++++++-------
 2 files changed, 11 insertions(+), 23 deletions(-)

diff --git a/spiceterm.c b/spiceterm.c
index bcb38c6..fdcafbc 100644
--- a/spiceterm.c
+++ b/spiceterm.c
@@ -865,10 +865,7 @@ spiceterm_putchar(spiceTerm *vt, gunichar2 ch)
             if (vt->esc_buf[0] == 0) {
                 vt->esc_buf[0] = 1;
             }
-            vt->cy -= vt->esc_buf[0];
-            if (vt->cy < 0) {
-                vt->cy = 0;
-            }
+            spiceterm_gotoxy(vt, vt->cx, vt->cy - vt->esc_buf[0]);
             break;
         case 'B':
         case 'e':
@@ -876,10 +873,7 @@ spiceterm_putchar(spiceTerm *vt, gunichar2 ch)
             if (vt->esc_buf[0] == 0) {
                 vt->esc_buf[0] = 1;
             }
-            vt->cy += vt->esc_buf[0];
-            if (vt->cy >= vt->height) {
-                vt->cy = vt->height - 1;
-            }
+            spiceterm_gotoxy(vt, vt->cx, vt->cy + vt->esc_buf[0]);
             break;
         case 'C':
         case 'a':
@@ -887,20 +881,14 @@ spiceterm_putchar(spiceTerm *vt, gunichar2 ch)
             if (vt->esc_buf[0] == 0) {
                 vt->esc_buf[0] = 1;
             }
-            vt->cx += vt->esc_buf[0];
-            if (vt->cx >= vt->width) {
-                vt->cx = vt->width - 1;
-            }
+            spiceterm_gotoxy(vt, vt->cx + vt->esc_buf[0], vt->cy);
             break;
         case 'D':
             /* move cursor left */
             if (vt->esc_buf[0] == 0) {
                 vt->esc_buf[0] = 1;
             }
-            vt->cx -= vt->esc_buf[0];
-            if (vt->cx < 0) {
-                vt->cx = 0;
-            }
+            spiceterm_gotoxy(vt, vt->cx - vt->esc_buf[0], vt->cy);
             break;
         case 'G':
         case '`':
diff --git a/spiceterm.h b/spiceterm.h
index 7993c6a..0e238ca 100644
--- a/spiceterm.h
+++ b/spiceterm.h
@@ -112,19 +112,19 @@ typedef struct spiceTerm {
     // cursor
     TextAttributes cur_attrib;
     TextAttributes cur_attrib_saved;
-    int tty_state; // 0 - normal, 1 - ESC, 2 - CSI
+    unsigned int tty_state; // 0 - normal, 1 - ESC, 2 - CSI
     int cx; // cursor x position
     int cy; // cursor y position
     int cx_saved; // saved cursor x position
     int cy_saved; // saved cursor y position
-    int esc_buf[MAX_ESC_PARAMS];
-    int esc_count;
-    int esc_ques;
-    int esc_has_par;
+    unsigned int esc_buf[MAX_ESC_PARAMS];
+    unsigned int esc_count;
+    unsigned int esc_ques;
+    unsigned int esc_has_par;
     char osc_textbuf[4096];
     char osc_cmd;
-    int region_top;
-    int region_bottom;
+    unsigned int region_top;
+    unsigned int region_bottom;
 
     unsigned int charset:1; // G0 or G1
     unsigned int charset_saved:1; // G0 or G1
-- 
2.11.0





More information about the pve-devel mailing list