From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
From: Christian Persch <chpe@gnome.org>
Date: Sat, 19 May 2012 17:36:09 +0000
Subject: emulation: Limit integer arguments to 65535

To guard against malicious sequences containing excessively big numbers,
limit all parsed numbers to 16 bit range. Doing this here in the parsing
routine is a catch-all guard; this doesn't preclude enforcing
more stringent limits in the handlers themselves.

https://bugzilla.gnome.org/show_bug.cgi?id=676090
---
diff --git a/src/table.c b/src/table.c
index 140e8c8..85cf631 100644
--- a/src/table.c
+++ b/src/table.c
@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
 		if (G_UNLIKELY (*array == NULL)) {
 			*array = g_value_array_new(1);
 		}
-		g_value_set_long(&value, total);
+		g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
 		g_value_array_append(*array, &value);
 	} while (i++ < arginfo->length);
 	g_value_unset(&value);
diff --git a/src/vteseq.c b/src/vteseq.c
index 457c06a..46def5b 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
                               GValueArray *params,
                               VteTerminalSequenceHandler handler)
 {
-        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
 }
 
 static void
--
cgit v0.9.0.2
ef='/guix/diff/gnu/tests/package-management.scm?id=ebfc61d1daab87929768e9037bd836b70f95ad65'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/tests/package-management.scm'>
<input type='hidden' name='id' value='ebfc61d1daab87929768e9037bd836b70f95ad65'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=ebfc61d1daab87929768e9037bd836b70f95ad65'>root</a>/<a href='/guix/log/gnu?id=ebfc61d1daab87929768e9037bd836b70f95ad65'>gnu</a>/<a href='/guix/log/gnu/tests?id=ebfc61d1daab87929768e9037bd836b70f95ad65'>tests</a>/<a href='/guix/log/gnu/tests/package-management.scm?id=ebfc61d1daab87929768e9037bd836b70f95ad65'>package-management.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/tests/package-management.scm?id=ebfc61d1daab87929768e9037bd836b70f95ad65&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2020-07-22 22:10:11 +0300'>2020-07-22</span></td><td><a href='/guix/commit/gnu/tests/package-management.scm?id=4656180d5de1fef2846bea9af27ae509f32376ba'>services: nix: Fix sandbox.</a><span class='msg-avail'>...<span class='msg-tooltip'>* gnu/tests/package-management.scm: New file.
* gnu/local.mk: Add this.
* gnu/services/nix.scm (&lt;nix-configuration&gt;): New record.
(nix-activation): Generate Nix config file which fixes sandbox.
(nix-service-type): Add default value.
(nix-shepherd-service): Allow provide Nix package.
* doc/guix.texi (Miscellaneous Services)[Nix service]&lt;nix-configuration&gt;:
Document record.
</span></span></td><td>Oleg Pykhalov</td></tr>