From d317f0f3120965c447d59d040a9534c77455436c Mon Sep 17 00:00:00 2001 From: Wez Furlong Date: Sat, 19 Jun 2021 13:01:17 -0700 Subject: [PATCH] Don't abort for overlay large sixel payloads Rust hasn't stabilized fallible allocation, so when we are presented with an implausibly large sixel, Rust terminates the program; it's not even a panick that we could potentially catch -> direct to termination. This commit introduces an arbitrary constraint so that we can avoid unconditionally terminating for this bad input case. Thanks to @klamonte for sharing this test case! --- termwiz/src/escape/parser/mod.rs | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/termwiz/src/escape/parser/mod.rs b/termwiz/src/escape/parser/mod.rs index fce0b7897..94cccc265 100644 --- a/termwiz/src/escape/parser/mod.rs +++ b/termwiz/src/escape/parser/mod.rs @@ -338,7 +338,25 @@ impl SixelBuilder { self.sixel.pixel_height = pixel_height; if let (Some(w), Some(h)) = (pixel_width, pixel_height) { - self.sixel.data.reserve(w as usize * h as usize); + let size = w as usize * h as usize; + // Ideally we'd just use `try_reserve` here, but that is + // nightly Rust only at the time of writing this comment: + // + const MAX_SIXEL_SIZE: usize = 100_000_000; + if size > MAX_SIXEL_SIZE { + log::error!( + "Ignoring sixel data {}x{} because {} bytes > max allowed {}", + w, + h, + size, + MAX_SIXEL_SIZE + ); + self.sixel.pixel_width = None; + self.sixel.pixel_height = None; + self.sixel.data.clear(); + return; + } + self.sixel.data.reserve(size); } remainder = &remainder[matched_len..];