Don't abort for overlay large sixel payloads

Rust hasn't stabilized fallible allocation, so when we are presented with an implausibly large sixel, Rust terminates the program; it's not even a panick that we could potentially catch -> direct to termination. This commit introduces an arbitrary constraint so that we can avoid unconditionally terminating for this bad input case. Thanks to @klamonte for sharing this test case!
2024-11-22 13:16:39 +03:00 · 2021-06-19 13:01:17 -07:00 · 2021-06-19 13:01:17 -07:00 · d317f0f312
commit d317f0f312
parent d57bc9b3dc
1 changed files with 19 additions and 1 deletions
--- a/termwiz/src/escape/parser/mod.rs
+++ b/termwiz/src/escape/parser/mod.rs
@ -338,7 +338,25 @@ impl SixelBuilder {
                self.sixel.pixel_height = pixel_height;

                if let (Some(w), Some(h)) = (pixel_width, pixel_height) {
-                    self.sixel.data.reserve(w as usize * h as usize);
+                    let size = w as usize * h as usize;
+                    // Ideally we'd just use `try_reserve` here, but that is
+                    // nightly Rust only at the time of writing this comment:
+                    // <https://github.com/rust-lang/rust/issues/48043>
+                    const MAX_SIXEL_SIZE: usize = 100_000_000;
+                    if size > MAX_SIXEL_SIZE {
+                        log::error!(
+                            "Ignoring sixel data {}x{} because {} bytes > max allowed {}",
+                            w,
+                            h,
+                            size,
+                            MAX_SIXEL_SIZE
+                        );
+                        self.sixel.pixel_width = None;
+                        self.sixel.pixel_height = None;
+                        self.sixel.data.clear();
+                        return;
+                    }
+                    self.sixel.data.reserve(size);
                }

                remainder = &remainder[matched_len..];