From 2e75539fb922833023cd9c56026a87f395167fd7 Mon Sep 17 00:00:00 2001
From: Boris Faure <billiob@gmail.com>
Date: Mon, 25 Nov 2019 20:02:37 +0100
Subject: [PATCH] termptyesc: handle invalid values for OSC + test

- missing value is as if 0
- overflow
- hex
- negative value
---
 src/bin/termptyesc.c | 32 ++++++++++++++++++++++++++++----
 tests/osc-invalid.sh | 33 +++++++++++++++++++++++++++++++++
 tests/tests.results  |  1 +
 3 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100755 tests/osc-invalid.sh

diff --git a/src/bin/termptyesc.c b/src/bin/termptyesc.c
index 815cf7b1..84f93f26 100644
--- a/src/bin/termptyesc.c
+++ b/src/bin/termptyesc.c
@@ -3387,22 +3387,44 @@ unhandled:
 }
 
 static int
-_osc_arg_get(Eina_Unicode **ptr)
+_osc_arg_get(Termpty *ty, Eina_Unicode **ptr)
 {
    Eina_Unicode *b = *ptr;
    int sum = 0;
 
+   if ((b == NULL) || (*b == '\0'))
+     {
+        *ptr = NULL;
+        sum = -ESC_ARG_NO_VALUE;
+        goto error;
+     }
+
    while (*b >= '0' && *b <= '9')
      {
         sum *= 10;
         sum += *b - '0';
         b++;
+        if (sum >= 65536)
+          {
+             sum = -ESC_ARG_ERROR;
+             goto error;
+          }
      }
    if (*b != ';')
-     sum = -1;
+     {
+        sum = -ESC_ARG_ERROR;
+        goto error;
+     }
    else
      b++;
    *ptr = b;
+
+   return sum;
+
+error:
+   ERR("Invalid OSC argument");
+   ty->decoding_error = EINA_TRUE;
+   *ptr = NULL;
    return sum;
 }
 
@@ -3728,11 +3750,13 @@ _handle_esc_osc(Termpty *ty, const Eina_Unicode *c, const Eina_Unicode *ce)
    else
      return 0;
 
-   arg = _osc_arg_get(&p);
+   arg = _osc_arg_get(ty, &p);
    switch (arg)
      {
-      case -1:
+      case -ESC_ARG_ERROR:
          goto err;
+      case -ESC_ARG_NO_VALUE:
+         EINA_FALLTHROUGH;
       case 0:
         // title + icon name
         if (!*p)
diff --git a/tests/osc-invalid.sh b/tests/osc-invalid.sh
new file mode 100755
index 00000000..b9f5648b
--- /dev/null
+++ b/tests/osc-invalid.sh
@@ -0,0 +1,33 @@
+#!/bin/sh
+
+# fill space with E
+printf '\033#8'
+#set color
+printf '\033[46;31;3m'
+
+# set title + icon
+printf '\033]0;foobar\007'
+
+# set again title + icon with no command
+printf '\033];no command\007'
+
+# set again title + icon with id as double
+printf '\033]00;double\007'
+
+# set again title + icon with id as hex
+printf '\033]0x0;hex\007'
+
+# set again title + icon with id as negative zero
+printf '\033]-0;negative zero\007'
+
+# set again title + icon with id as negative value
+printf '\033]-2;negative value\007'
+
+# set again title + icon with space
+printf '\033] 0;with spaces\007'
+
+# set again title + icon with space
+printf '\033]0 ;with spaces v2\007'
+
+# set again title + icon with overflow
+printf '\033]99999999999999999999999999999999999999999999999999;overflow\007'
diff --git a/tests/tests.results b/tests/tests.results
index 356b5ade..1c6c915f 100644
--- a/tests/tests.results
+++ b/tests/tests.results
@@ -122,3 +122,4 @@ osc-11-query.sh b762d503e40641ff896dac46391ad7a8
 link_detection.sh bbe87a849586e8b922f26ad5d88146dc
 selection_with_tabs.sh 23557497a8f28ca246048bb2443b3dab
 selection_empty_lines.sh 7a90d9bfde9e9fb7f067f6c08eac57ff
+osc-invalid.sh 0acecbe16bb3b257745787c40affdb90