Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PATCH: avoid overflow with terminal sequences

X-seq: zsh-workers 54147
From: Oliver Kiddle <opk@xxxxxxx>
To: Zsh workers <zsh-workers@xxxxxxx>
Subject: PATCH: avoid overflow with terminal sequences
Date: Thu, 11 Dec 2025 00:31:20 +0100
Archived-at: <https://zsh.org/workers/54147>
List-id: <zsh-workers.zsh.org>

As the bracketed paste sequences are configurable, they could be much
longer. I had used a fixed size buffer for sequences but didn't allow
for this when moving the bracketed paste handling. The following patch
avoids overflows. This will truncate the sequence if it is too long.
Does anyone feel strongly that we need to allow for crazy values by
dynamically allocating and expanding the buffer? Thanks to Mikael for
noticing this.

Oliver

diff --git a/Src/Zle/termquery.c b/Src/Zle/termquery.c
index a2d617db8..c8f5385d9 100644
--- a/Src/Zle/termquery.c
+++ b/Src/Zle/termquery.c
@@ -703,10 +703,10 @@ collate_seq(int sindex, int dir)
 	}
         if (enabled) {
 	    if (i)
-		strucpy(&pos, editext[i].seq[sindex]);
+		struncpy(&pos, editext[i].seq[sindex], seq + sizeof(seq) - pos - 1);
 	    else if ((bracket = getaparam("zle_bracketed_paste")) &&
 		    arrlen(bracket) == 2)
-		strucpy(&pos, bracket[sindex]);
+		struncpy(&pos, bracket[sindex], seq + sizeof(seq) - pos - 1);
 	}
     }
     write_loop(SHTTY, seq, pos - seq);

Messages sorted by: Reverse Date, Date, Thread, Author