From 88137396733896eb5e49c2b3b73d9a496d6ce49a Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Fri, 12 Nov 2021 16:01:15 +0000
Subject: patch 8.2.3585: crash when passing float to "term_rows" of
 term_start()

Problem:    Crash when passing float to "term_rows" in the options argument of
            term_start(). (Virginia Senioria)
Solution:   Bail out if the argument is not a number. (closes #9116)
---
 src/job.c                     | 6 +++++-
 src/terminal.c                | 3 ++-
 src/testdir/test_terminal.vim | 4 ++++
 src/version.c                 | 2 ++
 4 files changed, 13 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/job.c b/src/job.c
index fcb482c70..80cb47eeb 100644
--- a/src/job.c
+++ b/src/job.c
@@ -424,10 +424,14 @@ get_job_options(typval_T *tv, jobopt_T *opt, int supported, int supported2)
 	    }
 	    else if (STRCMP(hi->hi_key, "term_rows") == 0)
 	    {
+		int error = FALSE;
+
 		if (!(supported2 & JO2_TERM_ROWS))
 		    break;
 		opt->jo_set2 |= JO2_TERM_ROWS;
-		opt->jo_term_rows = tv_get_number(item);
+		opt->jo_term_rows = tv_get_number_chk(item, &error);
+		if (error)
+		    return FAIL;
 	    }
 	    else if (STRCMP(hi->hi_key, "term_cols") == 0)
 	    {
diff --git a/src/terminal.c b/src/terminal.c
index bb3035bdf..1adf690ad 100644
--- a/src/terminal.c
+++ b/src/terminal.c
@@ -4473,7 +4473,8 @@ static VTermStateFallbacks state_fallbacks = {
     static void *
 vterm_malloc(size_t size, void *data UNUSED)
 {
-    return alloc_clear(size);
+    // make sure that the length is not zero
+    return alloc_clear(size == 0 ? 1L : size);
 }
 
     static void
diff --git a/src/testdir/test_terminal.vim b/src/testdir/test_terminal.vim
index eb5924a30..3e263efd2 100644
--- a/src/testdir/test_terminal.vim
+++ b/src/testdir/test_terminal.vim
@@ -467,6 +467,10 @@ func Test_terminal_size()
   bwipe!
   call assert_equal([7, 27], size)
 
+  if has('float')
+    call assert_fails("call term_start(cmd, {'term_rows': 10.0})", 'E805:')
+  endif
+
   call delete('Xtext')
 endfunc
 
diff --git a/src/version.c b/src/version.c
index c13ea68b9..39d1b8ab7 100644
--- a/src/version.c
+++ b/src/version.c
@@ -757,6 +757,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    3585,
 /**/
     3584,
 /**/
-- 
cgit v1.2.1