From 6c55ecf1a174549df596b52c00f055b6ff43f15d Mon Sep 17 00:00:00 2001
From: Boris Faure <billiob@gmail.com>
Date: Mon, 18 Mar 2019 22:34:21 +0100
Subject: [PATCH] termptyesc: fix hangs spotted by afl-fuzz + tests

---
 src/bin/termptyesc.c             |  6 ++++++
 tests/hang-invalid-truecolors.sh | 37 ++++++++++++++++++++++++++++++++
 tests/tests.results              |  1 +
 3 files changed, 44 insertions(+)
 create mode 100755 tests/hang-invalid-truecolors.sh

diff --git a/src/bin/termptyesc.c b/src/bin/termptyesc.c
index 134a11ec..f8f385ff 100644
--- a/src/bin/termptyesc.c
+++ b/src/bin/termptyesc.c
@@ -607,6 +607,12 @@ _csi_truecolor_arg_get(Termpty *ty, Eina_Unicode **ptr)
         *ptr = NULL;
         return -CSI_ARG_NO_VALUE;
      }
+   /* invalid values */
+   if ((*b < '0') || (*b > '9'))
+     {
+        *ptr = NULL;
+        return -CSI_ARG_ERROR;
+     }
 
    while ((*b >= '0') && (*b <= '9'))
      {
diff --git a/tests/hang-invalid-truecolors.sh b/tests/hang-invalid-truecolors.sh
new file mode 100755
index 00000000..74d80d6a
--- /dev/null
+++ b/tests/hang-invalid-truecolors.sh
@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# fill space with E
+printf '\033#8'
+
+# set color
+printf '\033[46;31;3m'
+
+##
+# invalid foreground/background truecolors, separated with ':'
+##
+# RGB
+printf '\033[48:2:244:144:25:>m'
+printf '\033[38:2:56:150:199:>m'
+
+# CMY
+printf '\033[48:3:4:43:90:>m'
+printf '\033[38:3:78:41:22:>m'
+
+# CMYK
+printf '\033[48:4::0:41:90:4:>m'
+printf '\033[38:4::72:25:0:22:>m'
+
+##
+# invalid foreground/background truecolors, separated with ':'
+##
+# RGB
+printf '\033[48;2;244;144;25;>m'
+printf '\033[38;2;56;150;199;>m'
+
+# CMY
+printf '\033[48;3;4;43;90;>m'
+printf '\033[38;3;78;41;22;>m'
+
+# CMYK
+printf '\033[48;4;0;41;90;4;>m'
+printf '\033[38;4;72;25;0;22;>m'
diff --git a/tests/tests.results b/tests/tests.results
index 123fed3f..a5d2b9b0 100644
--- a/tests/tests.results
+++ b/tests/tests.results
@@ -31,6 +31,7 @@ dsr-udk.sh 0d8dd90df01e63af33924cd49e0df945
 colors.sh c98080b6ede33b2e7e3b68776cb28132
 sgr-leading-trailing-semicolon.sh 079efb55d1a716dc2ad7111e54ec4538
 sgr-truecolors.sh 74e7c0e3718818f0e0ab0f9f8caeb894
+hang-invalid-truecolors.sh fa5de74f9994d29d17d506fe870f760d
 sgr-long.sh 992d1bed20d6479533d328eaa34598e9
 decsclm.sh fa5de74f9994d29d17d506fe870f760d
 cha.sh 45484618660b9e06c5203a8151797513