src/conio/cterm.c - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  src/conio/cterm.c
De:       Deuc¨
Data:     Sun, 15 Mar 2026 20:35:47 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/d0be28bdfbb1b0c26ce8a723
Modified Files:
	src/conio/cterm.c
Log Message:
Clamp SU/SD scroll count to scroll region height

CSI Ps S (Scroll Up) and CSI Ps T (Scroll Down) looped param_int[0]
times calling cterm_scrollup()/scrolldown() individually. With a huge
parameter (e.g. ESC[65536T), this performed tens of thousands of
movetext + clear operations, hanging the terminal for seconds  a
low-bandwidth DoS from a 9-byte sequence.

Clamp the count to TERM_MAXY (the scroll region height). Scrolling
more lines than the region contains is equivalent to clearing it.
This matches how IL, DL, ICH, and DCH all clamp their counts already.

Found by ANSI fuzz testing (termtest.js).

Co-Authored-By: Claude Opus 4.6 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]