From a6e8bf2d8929ef52eeda495e0e0c3d2bff8f5830 Mon Sep 17 00:00:00 2001
From: Bram Moolenaar <Bram@vim.org>
Date: Tue, 16 Jun 2020 20:58:07 +0200
Subject: patch 8.2.0989: crash after resizing a terminal window

Problem:    Crash after resizing a terminal window. (August Masquelier)
Solution:   Add check for valid row in libvterm. (closes #6273)
---
 src/libvterm/src/screen.c |  6 ++++++
 src/libvterm/src/state.c  | 11 +++++++++++
 src/version.c             |  2 ++
 3 files changed, 19 insertions(+)

(limited to 'src')

diff --git a/src/libvterm/src/screen.c b/src/libvterm/src/screen.c
index 3e72e4bbe..e5d740b2d 100644
--- a/src/libvterm/src/screen.c
+++ b/src/libvterm/src/screen.c
@@ -280,6 +280,12 @@ static int erase_internal(VTermRect rect, int selective, void *user)
     for(col = rect.start_col; col < rect.end_col; col++) {
       ScreenCell *cell = getcell(screen, row, col);
 
+      if (cell == NULL)
+      {
+        DEBUG_LOG2("libvterm: erase_internal() position invalid: %d / %d",
+								     row, col);
+	return 1;
+      }
       if(selective && cell->pen.protected_cell)
         continue;
 
diff --git a/src/libvterm/src/state.c b/src/libvterm/src/state.c
index a62182233..dd25726db 100644
--- a/src/libvterm/src/state.c
+++ b/src/libvterm/src/state.c
@@ -16,6 +16,12 @@ static int on_resize(int rows, int cols, void *user);
 static void putglyph(VTermState *state, const uint32_t chars[], int width, VTermPos pos)
 {
   VTermGlyphInfo info;
+
+  if (pos.row >= state->rows)
+  {
+    DEBUG_LOG2("libvterm: putglyph() pos.row %d out of range (rows = %d)\n", pos.row, state.rows);
+    return;
+  }
   info.chars = chars;
   info.width = width;
   info.protected_cell = state->protected_cell;
@@ -283,6 +289,11 @@ static int on_text(const char bytes[], size_t len, void *user)
 
   VTermPos oldpos = state->pos;
 
+  if (state->pos.row >= state->rows)
+  {
+    DEBUG_LOG2("libvterm: on_text() pos.row %d out of range (rows = %d)\n", state->pos.row, state.rows);
+    return 0;
+  }
   // We'll have at most len codepoints, plus one from a previous incomplete
   // sequence.
   codepoints = vterm_allocator_malloc(state->vt, (len + 1) * sizeof(uint32_t));
diff --git a/src/version.c b/src/version.c
index e1a41fb43..d69b5608f 100644
--- a/src/version.c
+++ b/src/version.c
@@ -754,6 +754,8 @@ static char *(features[]) =
 
 static int included_patches[] =
 {   /* Add new patch number below this line */
+/**/
+    989,
 /**/
     988,
 /**/
-- 
cgit v1.2.1