From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
From: Christian Persch <chpe@gnome.org>
Date: Sat, 19 May 2012 17:36:09 +0000
Subject: emulation: Limit integer arguments to 65535

To guard against malicious sequences containing excessively big numbers,
limit all parsed numbers to 16 bit range. Doing this here in the parsing
routine is a catch-all guard; this doesn't preclude enforcing
more stringent limits in the handlers themselves.

https://bugzilla.gnome.org/show_bug.cgi?id=676090
---
diff --git a/src/table.c b/src/table.c
index 140e8c8..85cf631 100644
--- a/src/table.c
+++ b/src/table.c
@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
 		if (G_UNLIKELY (*array == NULL)) {
 			*array = g_value_array_new(1);
 		}
-		g_value_set_long(&value, total);
+		g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
 		g_value_array_append(*array, &value);
 	} while (i++ < arginfo->length);
 	g_value_unset(&value);
diff --git a/src/vteseq.c b/src/vteseq.c
index 457c06a..46def5b 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
                               GValueArray *params,
                               VteTerminalSequenceHandler handler)
 {
-        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
 }
 
 static void
--
cgit v0.9.0.2
1adb31c0589f87367eb4021dd'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/gnu/packages/mate.scm'>
<input type='hidden' name='id' value='ca1749c243f7ac81adb31c0589f87367eb4021dd'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=ca1749c243f7ac81adb31c0589f87367eb4021dd'>root</a>/<a href='/guix/log/gnu?id=ca1749c243f7ac81adb31c0589f87367eb4021dd'>gnu</a>/<a href='/guix/log/gnu/packages?id=ca1749c243f7ac81adb31c0589f87367eb4021dd'>packages</a>/<a href='/guix/log/gnu/packages/mate.scm?id=ca1749c243f7ac81adb31c0589f87367eb4021dd'>mate.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/gnu/packages/mate.scm?id=ca1749c243f7ac81adb31c0589f87367eb4021dd&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2023-12-08 20:49:29 +0100'>2023-12-08</span></td><td><a href='/guix/commit/gnu/packages/mate.scm?id=f3da903b0169edc19e07be5a91c80488332abe09'>gnu: Make webkitgtk-next the new webkitgtk.</a><span class='msg-avail'>...<span class='msg-tooltip'>As of version 2.42.0, the WebKit 6.0 typelib is considered stable.
With GNOME itself moving to GTK4 as time marches on, we should reflect
the fact that this is the preferred Webkit for future applications.

* gnu/packages/webkit.scm (webkitgtk-next): Remove variable.  Inline logic…
(webkitgtk): … here.  Move old value …
(webkitgtk-for-gtk3): … here.
(webkitgtk-with-libsoup2): Inherit from webkitgtk-for-gtk3.
* gnu/packages/geo.scm (gnome-maps): Adjust accordingly.
* gnu/packages/gnome.scm (gnome-initial-setup, sushi)
(cambalache, devhelp, devhelp-with-libsoup2, gnome-online-accounts)
(gnome-online-accounts-3.44, evolution-data-server, evolution-data-server-3.44)
(lollypop, evolution, gnome-boxes, geary, komikku): Likewise.
* gnu/packages/guile-xyz.scm (guile-gi, nomad): Likewise.
* gnu/packages/lisp-xyz.scm (sbcl-cl-webkit): Likewise.
* gnu/packages/mail.scm (balsa): Likewise.
* gnu/packages/mate.scm (atril): Likewise.
* gnu/packages/music.scm (ctrlr): Likewise.
* gnu/packages/rednotebook.scm (rednotebook): Likewise.
* gnu/packages/syndication.scm<tr><td><span title='2021-01-21 11:22:08 +0100'>2021-01-21</span></td><td><a href='/guix/commit/tests/swh.scm?id=5225732b9b54ffa92b9d199246b87dae666a3f77'>swh: Test proper handling of null visit snapshot URL.</a><span class='msg-avail'>...<span class='msg-tooltip'>* tests/swh.scm (%origin): Change "visits_url" to "origin_visits_url".
(%visits): New variable.
("origin-visit, no snapshots"): New test.
</span></span></td><td>Ludovic Courtès</td></tr>

Age	Commit message (Expand)	Author
2023-12-08	gnu: Make webkitgtk-next the new webkitgtk....As of version 2.42.0, the WebKit 6.0 typelib is considered stable. With GNOME itself moving to GTK4 as time marches on, we should reflect the fact that this is the preferred Webkit for future applications. * gnu/packages/webkit.scm (webkitgtk-next): Remove variable. Inline logic… (webkitgtk): … here. Move old value … (webkitgtk-for-gtk3): … here. (webkitgtk-with-libsoup2): Inherit from webkitgtk-for-gtk3. * gnu/packages/geo.scm (gnome-maps): Adjust accordingly. * gnu/packages/gnome.scm (gnome-initial-setup, sushi) (cambalache, devhelp, devhelp-with-libsoup2, gnome-online-accounts) (gnome-online-accounts-3.44, evolution-data-server, evolution-data-server-3.44) (lollypop, evolution, gnome-boxes, geary, komikku): Likewise. * gnu/packages/guile-xyz.scm (guile-gi, nomad): Likewise. * gnu/packages/lisp-xyz.scm (sbcl-cl-webkit): Likewise. * gnu/packages/mail.scm (balsa): Likewise. * gnu/packages/mate.scm (atril): Likewise. * gnu/packages/music.scm (ctrlr): Likewise. * gnu/packages/rednotebook.scm (rednotebook): Likewise. * gnu/packages/syndication.scm
2021-01-21	swh: Test proper handling of null visit snapshot URL....* tests/swh.scm (%origin): Change "visits_url" to "origin_visits_url". (%visits): New variable. ("origin-visit, no snapshots"): New test.	Ludovic Courtès