Prevent crash when VTParameters::subspan is out of range #15235
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
microsoft-github-policy-service
bot
added
the
Issue-Bug
j4james
force-pushed
the
fix-subspan-crash
branch
from
727c729
to
f965e39
Compare
DHowett
approved these changes
Apr 25, 2023
zadjii-msft
approved these changes
Apr 25, 2023
DHowett
pushed a commit
that referenced
this pull request
Apr 25, 2023
## Summary of the Pull Request There are certain escape sequences that use the `VTParameters::subspan` method to access a subsection of the provided parameter list. When the parameter list is empty, that `subspan` call can end up using an offset that is out of range, which causes the terminal to crash. This PR stops that from happening by clamping the offset so it's in range. ## References and Relevant Issues This bug effected the `DECCARA` and `DECRARA` operations introduced in PR #14285, and the `DECPS` operation introduced in PR #13208. ## Validation Steps Performed I've manually confirmed that the sequences mentioned above are no longer crashing when executed with an empty parameter list, and I've added a little unit test that checks `VTParameters::subspan` method is returning the expected results when passed an offset that is out of range. ## PR Checklist - [x] Closes #15234 - [x] Tests added/passed - [ ] Documentation updated - [ ] Schema updated (if necessary) (cherry picked from commit e413a41) Service-Card-Id: 89001985 Service-Version: 1.17
|
Any chance this also stealth fixed #12378? |
No, but it looks like it was fixed a while ago. Technically the original crash was fixed by PR #12432, although it was still throwing an internal exception at that point. That exception was later fixed by PR #14093 I think. So the bottom line is you can probably close that issue now. |
|
Wow thanks for the diligence! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary of the Pull Request
There are certain escape sequences that use the
VTParameters::subspanmethod to access a subsection of the provided parameter list. When the
parameter list is empty, that
subspancall can end up using an offsetthat is out of range, which causes the terminal to crash. This PR stops
that from happening by clamping the offset so it's in range.
References and Relevant Issues
This bug effected the
DECCARAandDECRARAoperations introduced inPR #14285, and the
DECPSoperation introduced in PR #13208.Validation Steps Performed
I've manually confirmed that the sequences mentioned above are no longer
crashing when executed with an empty parameter list, and I've added a
little unit test that checks
VTParameters::subspanmethod is returningthe expected results when passed an offset that is out of range.
PR Checklist