From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001 From: Christian Persch Date: Sat, 19 May 2012 17:36:09 +0000 Subject: emulation: Limit integer arguments to 65535 To guard against malicious sequences containing excessively big numbers, limit all parsed numbers to 16 bit range. Doing this here in the parsing routine is a catch-all guard; this doesn't preclude enforcing more stringent limits in the handlers themselves. https://bugzilla.gnome.org/show_bug.cgi?id=676090 --- diff --git a/src/table.c b/src/table.c index 140e8c8..85cf631 100644 --- a/src/table.c +++ b/src/table.c @@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array, if (G_UNLIKELY (*array == NULL)) { *array = g_value_array_new(1); } - g_value_set_long(&value, total); + g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT)); g_value_array_append(*array, &value); } while (i++ < arginfo->length); g_value_unset(&value); diff --git a/src/vteseq.c b/src/vteseq.c index 457c06a..46def5b 100644 --- a/src/vteseq.c +++ b/src/vteseq.c @@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal, GValueArray *params, VteTerminalSequenceHandler handler) { - vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG); + vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT); } static void -- cgit v0.9.0.2 2473fb40248d202bc53'>diff
path: root/gnu/packages/dav.scm
AgeCommit message (Expand)Author
2023-07-16gnu: xandikos: Update to 0.2.8....* gnu/packages/dav.scm (xandikos): Update to 0.2.8. Tobias Geerinckx-Rice
2023-07-16gnu: vdirsyncer: Use G-expressions....* gnu/packages/dav.scm (vdirsyncer)[arguments]: Rewrite as G-expressions. Tobias Geerinckx-Rice
2023-07-16gnu: vdirsyncer: Update to 0.19.2....* gnu/packages/dav.scm (vdirsyncer): Update to 0.19.2. Tobias Geerinckx-Rice
2023-03-08gnu: vdirsyncer: Update to 0.19.1....* gnu/packages/dav.scm (vdirsyncer): Update to 0.19.1. Efraim Flashner
2022-12-06gnu: vdirsyncer: Don't propagate python packages....* gnu/packages/dav.scm (vdirsyncer)[propagated-inputs]: Move all packages ... [inputs]: ... to here. Efraim Flashner
2022-12-06gnu: vdirsyncer: Update to 0.19.0....* gnu/packages/dav.scm (vdirsyncer): Update to 0.19.0. [arguments]: Remove trailing #t in phases. Remove phase generating the manpage. [native-inputs]: Add python-aioresponses, python-click, python-trustme, python-pytest-asyncio, python-pytest-cov, python-pytest-httpserver. Remove python-pytest-localserver, python-pytest-subtesthack, python-urllib3, python-wsgi-interpreter. [inputs]: Remove field. [propagated-inputs]: Add python-aiohttp, python-aiostream. Remove python-click-threading. * gnu/packages/python-xyz.scm (python-click-5): Remove variable. Efraim Flashner