Certain sequences with default parameters can trigger a crash #15234
Labels
In-PR
This issue has a related PR
Issue-Bug
It either shouldn't be doing this or needs an investigation.
Needs-Triage
It's a new issue that the core contributor team needs to triage at the next triage meeting
Comments
j4james
added
Issue-Bug
4 tasks
zadjii-msft
pushed a commit
that referenced
this issue
Apr 25, 2023
## Summary of the Pull Request There are certain escape sequences that use the `VTParameters::subspan` method to access a subsection of the provided parameter list. When the parameter list is empty, that `subspan` call can end up using an offset that is out of range, which causes the terminal to crash. This PR stops that from happening by clamping the offset so it's in range. ## References and Relevant Issues This bug effected the `DECCARA` and `DECRARA` operations introduced in PR #14285, and the `DECPS` operation introduced in PR #13208. ## Validation Steps Performed I've manually confirmed that the sequences mentioned above are no longer crashing when executed with an empty parameter list, and I've added a little unit test that checks `VTParameters::subspan` method is returning the expected results when passed an offset that is out of range. ## PR Checklist - [x] Closes #15234 - [x] Tests added/passed - [ ] Documentation updated - [ ] Schema updated (if necessary)
DHowett
pushed a commit
that referenced
this issue
Apr 25, 2023
## Summary of the Pull Request There are certain escape sequences that use the `VTParameters::subspan` method to access a subsection of the provided parameter list. When the parameter list is empty, that `subspan` call can end up using an offset that is out of range, which causes the terminal to crash. This PR stops that from happening by clamping the offset so it's in range. ## References and Relevant Issues This bug effected the `DECCARA` and `DECRARA` operations introduced in PR #14285, and the `DECPS` operation introduced in PR #13208. ## Validation Steps Performed I've manually confirmed that the sequences mentioned above are no longer crashing when executed with an empty parameter list, and I've added a little unit test that checks `VTParameters::subspan` method is returning the expected results when passed an offset that is out of range. ## PR Checklist - [x] Closes #15234 - [x] Tests added/passed - [ ] Documentation updated - [ ] Schema updated (if necessary) (cherry picked from commit e413a41) Service-Card-Id: 89001985 Service-Version: 1.17
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Windows Terminal version
1.17.1023
Windows build number
10.0.19045.2728
Other Software
No response
Steps to reproduce
printf "\e[\$r"Expected Behavior
That sequence executes the
DECCARAcontrol with all default parameters. That should have the effect of resetting the attributes of everything on the screen.Actual Behavior
The terminal hangs for a second, and then the tab closes (assumedly because the underlying conhost has crashed).
The problem arises when using the
VTParameters::subspanmethod to access an offset beyond the end of the original span. Other than theDECCARAsequence, this can also be triggered byDECRARAandDECPS. In the latter case, the whole terminal can crash rather than just the active tab. That may just be a matter of chance though.My suggested fix would be to change the
VTParameters::subspanimplementation here:terminal/src/terminal/adapter/DispatchTypes.hpp
Line 187 in 5ed3c76
to something like this:
That way an offset beyond the end of the source span would just produce an empty span (that's what I mistakenly assumed the
subspanwas already doing).The text was updated successfully, but these errors were encountered: