src/conio/cterm.c - Historico da BBS TELESC.NET.BR

BBS:      TELESC.NET.BR
Assunto:  src/conio/cterm.c
De:       Deuc¨
Data:     Sun, 15 Mar 2026 20:35:47 -0700
-----------------------------------------------------------
https://gitlab.synchro.net/main/sbbs/-/commit/5f54bde4ef38428075e84e60
Modified Files:
	src/conio/cterm.c
Log Message:
Clamp CHT/CVT/CBT tab count to width * height

CSI Ps I (Cursor Forward Tabulation), CSI Ps Y (Cursor Line
Tabulation), and CSI Ps Z (Cursor Backward Tabulation) looped
param_int[0] times calling do_tab()/do_backtab(). With a huge
parameter, CHT/CVT would perform billions of tab-then-scroll-up
cycles (do_tab wraps and scrolls at the bottom margin), while CBT
would perform billions of gotoxy() calls.

Clamp the count to width * height. This preserves the legitimate
behavior of tabbing across line boundaries with scrolling, while
preventing a DoS from huge parameters. Any count beyond width * height
just scrolls blank lines off the top repeatedly.

Found by ANSI fuzz testing (termtest.js).

Co-Authored-By: Claude Opus 4.6 
n
---
  mSynchronetn  hgVertrauen n hHome of Synchronet n gh[vert/cvs/bbs].synchro.net

-----------------------------------------------------------
[Voltar]