From feeee4b5832b17641e505b7083e0d299fdae318e Mon Sep 17 00:00:00 2001
From: Christian Persch <chpe@gnome.org>
Date: Sat, 19 May 2012 17:36:09 +0000
Subject: emulation: Limit integer arguments to 65535

To guard against malicious sequences containing excessively big numbers,
limit all parsed numbers to 16 bit range. Doing this here in the parsing
routine is a catch-all guard; this doesn't preclude enforcing
more stringent limits in the handlers themselves.

https://bugzilla.gnome.org/show_bug.cgi?id=676090
---
diff --git a/src/table.c b/src/table.c
index 140e8c8..85cf631 100644
--- a/src/table.c
+++ b/src/table.c
@@ -550,7 +550,7 @@ _vte_table_extract_numbers(GValueArray **array,
 		if (G_UNLIKELY (*array == NULL)) {
 			*array = g_value_array_new(1);
 		}
-		g_value_set_long(&value, total);
+		g_value_set_long(&value, CLAMP (total, 0, G_MAXUSHORT));
 		g_value_array_append(*array, &value);
 	} while (i++ < arginfo->length);
 	g_value_unset(&value);
diff --git a/src/vteseq.c b/src/vteseq.c
index 457c06a..46def5b 100644
--- a/src/vteseq.c
+++ b/src/vteseq.c
@@ -557,7 +557,7 @@ vte_sequence_handler_multiple(VteTerminal *terminal,
                               GValueArray *params,
                               VteTerminalSequenceHandler handler)
 {
-        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXLONG);
+        vte_sequence_handler_multiple_limited(terminal, params, handler, G_MAXUSHORT);
 }
 
 static void
--
cgit v0.9.0.2
input type='hidden' name='id' value='fb42a8d996999da1717cc9366ebfab25cf6a5921'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=fb42a8d996999da1717cc9366ebfab25cf6a5921'>root</a>/<a href='/guix/log/m4?id=fb42a8d996999da1717cc9366ebfab25cf6a5921'>m4</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/m4?id=fb42a8d996999da1717cc9366ebfab25cf6a5921&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-01-14 11:41:15 +0200'>2022-01-14</span></td><td><a href='/guix/commit/m4?id=03b45230d409c5f09e6ad18f23f313a13dbddb7d'>gnu: bootstrap: Add support for riscv64-linux.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2021-12-14 18:33:49 +0200'>2021-12-14</span></td><td><a href='/guix/commit/m4?id=08d15a24c90e597f1656c3c0c3dbccf2022517de'>build: Adjust 'courage level' of different systems.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2021-05-23 22:23:18 +0300'>2021-05-23</span></td><td><a href='/guix/commit/m4?id=cbdb7d4fea928febc105985c03b8fb5d6eda3d27'>gnu: bootstrap: Add support for powerpc-linux.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2021-03-23 23:19:57 -0700'>2021-03-23</span></td><td><a href='/guix/commit/m4?id=a16eb6c5f97f136b678540ba61f12b2c08e43e13'>Add powerpc64le-linux as a supported Guix architecture.</a><span class='msg-avail'>...</span></td><td>Chris Marusich</td></tr>
<tr><td><span title='2021-03-17 12:03:23 +0100'>2021-03-17</span></td><td><a href='/guix/commit/m4?id=62a091368df3bab499142d06f5114a73915c71f2'>maint: Check whether Guile-zlib is recent enough.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-02-04 09:23:39 +0100'>2021-02-04</span></td><td><a href='/guix/commit/m4?id=55daad123e896c0e83361496cf49625289ee3571'>build: Add '--with-channel-commit' and related configure flags.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-12-11 19:06:53 +0100'>2020-12-11</span></td><td><a href='/guix/commit/m4?id=dbdae9f96f11a006993b659e0e7fd5cbf467f844'>maint: Avoid macros obsolete in Autoconf 2.70.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-10-22 17:10:25 +0200'>2020-10-22</span></td><td><a href='/guix/commit/m4?id=59bb1ae3a9aeae75a75b20090253613a7a8800d8'>git: Require Guile-Git 0.3.0 or later.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-09-08 00:47:35 +0200'>2020-09-08</span></td><td><a href='/guix/commit/m4?id=b5eb901ab508e13a10d8c11fe0c9d0d06dddce96'>Remove (guix json) and require Guile-JSON 4.3.0+.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-08-29 16:24:17 +0200'>2020-08-29</span></td><td><a href='/guix/commit/m4?id=f5d3a1690cb78ce9413b78352f1030bf4801617a'>build: Remove check for Guile 2.2.1 bug.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-08-24 13:35:24 +0200'>2020-08-24</span></td><td><a href='/guix/commit/m4?id=4c0c65acfade63ce0549115d19db4b639c1e9992'>Use "guile-zlib" and "guile-lzlib" instead of (guix config).</a><span class='msg-avail'>...</span></td><td>Mathieu Othacehe</td></tr>
<tr><td><span title='2020-07-20 23:25:09 +0200'>2020-07-20</span></td><td><a href='/guix/commit/m4?id=e8088f0b06c2193f2cce04a48aa1350229442a9f'>ssh: Speed up RPCs by using #:nodelay.</a><span class='msg-avail'>...</span></td><td>Lars-Dominik Braun</td></tr>
<tr><td><span title='2020-05-28 11:12:40 +0300'>2020-05-28</span></td><td><a href='/guix/commit/m4?id=03e6404936ef0974fdbc877d537b97b28e54124d'>doc: Remove explicit support for mips64el-linux.</a><span class='msg-avail'>...</span></td><td>Efraim Flashner</td></tr>
<tr><td><span title='2020-05-28 00:55:00 +0200'>2020-05-28</span></td><td><a href='/guix/commit/m4?id=c1dc50ab202fafedde3a6b70ce6339496ad53a51'>maint: Check whether Guile-Gcrypt is recent enough.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-02-22 00:45:58 +0100'>2020-02-22</span></td><td><a href='/guix/commit/m4?id=378918725259d221222dd0b1831fbaa3e0a17e1f'>build: Depend on guile-ssh 0.12.0</a><span class='msg-avail'>...</span></td><td>Lars-Dominik Braun</td></tr>

Age	Commit message (Expand)	Author
2022-01-14	gnu: bootstrap: Add support for riscv64-linux....	Efraim Flashner
2021-12-14	build: Adjust 'courage level' of different systems....	Efraim Flashner
2021-05-23	gnu: bootstrap: Add support for powerpc-linux....	Efraim Flashner
2021-03-23	Add powerpc64le-linux as a supported Guix architecture....	Chris Marusich
2021-03-17	maint: Check whether Guile-zlib is recent enough....	Ludovic Courtès
2021-02-04	build: Add '--with-channel-commit' and related configure flags....	Ludovic Courtès
2020-12-11	maint: Avoid macros obsolete in Autoconf 2.70....	Ludovic Courtès
2020-10-22	git: Require Guile-Git 0.3.0 or later....	Ludovic Courtès
2020-09-08	Remove (guix json) and require Guile-JSON 4.3.0+....	Ludovic Courtès
2020-08-29	build: Remove check for Guile 2.2.1 bug....	Ludovic Courtès
2020-08-24	Use "guile-zlib" and "guile-lzlib" instead of (guix config)....	Mathieu Othacehe
2020-07-20	ssh: Speed up RPCs by using #:nodelay....	Lars-Dominik Braun
2020-05-28	doc: Remove explicit support for mips64el-linux....	Efraim Flashner
2020-05-28	maint: Check whether Guile-Gcrypt is recent enough....	Ludovic Courtès
2020-02-22	build: Depend on guile-ssh 0.12.0...	Lars-Dominik Braun