Clamp TerminalDisplay size to prevent buffer overflow crash

Celeste Wouters requested to merge elementw/konsole:fix-too-wide-crash into master

Konsole's code base uses a MAX_LINE_WIDTH define, currently set to 1024, to act as sizes for various buffers used with ICU text shaping algorithms, but no range checks are ever performed on those, meaning that a display area of more than 1023 character cells wide will overflow said buffers.

This can happen if you have a very large display, a small font size, or, egregiously, if you disconnect all displays when running under a Wayland compositor, prompting qt.qpa.wayland to create a fake screen of potentially huge size.

This commit takes the easy way out by clamping the TerminalDisplay size to MAX_LINE_WIDTH-1, which is large enough for most users (1023), and better than crashing due to buffer overflows anyway. The proper fix would be to use dynamically allocated buffers instead, but this will do in the meantime.

This also fixes the same crash happening in KonsolePart integrations, like Dolphin or Kate.

Edited by Celeste Wouters
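
The clamp described in the merge request above, as an added example that is not code from the merge request or from Konsole: the column count is limited where it is derived from the widget geometry, and the fixed-size buffer also checks its range at the point of use. Only `MAX_LINE_WIDTH` and its value come from the description; the function names, the pixel-based sizing and the reserved terminator slot are assumptions.

```cpp
#include <algorithm>
#include <array>
#include <cstdio>
#include <vector>

// MAX_LINE_WIDTH and its value (1024) are from the merge request text.
// All other names are hypothetical and are not Konsole's.
constexpr int MAX_LINE_WIDTH = 1024;

// Column count for a widget: pixels / cell width, clamped to
// [1, MAX_LINE_WIDTH - 1] as the merge request describes.
int clampedColumns(int contentWidthPx, int cellWidthPx)
{
    if (contentWidthPx <= 0 || cellWidthPx <= 0)
        return 1;
    return std::max(1, std::min(contentWidthPx / cellWidthPx, MAX_LINE_WIDTH - 1));
}

// Stand-in for a shaping step that uses a fixed-size scratch buffer.
// Assumption: one slot is reserved for a terminator, hence the 1023 limit.
// Returns the number of cells copied, or -1 when the line does not fit.
int shapeLine(const char32_t *cells, int columns)
{
    std::array<char32_t, MAX_LINE_WIDTH> scratch{};
    if (cells == nullptr || columns < 0 || columns >= MAX_LINE_WIDTH)
        return -1; // range check at the point of use
    std::copy(cells, cells + columns, scratch.begin());
    scratch[columns] = U'\0';
    return columns;
}

// Resize path: derive the column count from the geometry, then shape one line.
int shapeForWidget(int contentWidthPx, int cellWidthPx)
{
    const int columns = clampedColumns(contentWidthPx, cellWidthPx);
    const std::vector<char32_t> line(columns, U'x'); // constructed sample row
    return shapeLine(line.data(), columns);
}

int main()
{
    std::printf("4K display, 8 px cells: %d\n", shapeForWidget(3840, 8));
    std::printf("huge fake screen:       %d\n", shapeForWidget(1000000, 4));
    return 0;
}
```

The check inside `shapeLine` keeps the buffer safe even if some other caller bypasses the clamp.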