circlecloud/tmux
1
0
Fork 0
mirror of https://github.com/tmux/tmux.git synced 2026-03-31 08:46:27 +00:00
Code Issues Projects Releases Wiki Activity

When in copy mode with a large scroll offset and the window is resized

Browse Source 
so that history shrinks, data->oy can exceed screen_hsize causing an
unsigned integer underflow in the py computation. Clamp data->oy in
window_copy_resize and window_copy_cmd_refresh_from_pane before the
subtraction. From futpib at gmail dot com in GitHub issue 4958.
This commit is contained in:
nicm
2026-03-30 09:23:40 +00:00
parent e0237c6b8c
commit 022b5cf193
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
window-copy.c
View File

@@ -1026,6 +1026,8 @@ window_copy_resize(struct window_mode_entry *wme, u_int sx, u_int sy)
screen_resize(s, sx, sy, 0);
cx = data->cx;
if (data->oy > gd->hsize + data->cy)
data->oy = gd->hsize + data->cy;
cy = gd->hsize + data->cy - data->oy;
reflow = (gd->sx != sx);
if (reflow)
@@ -2736,6 +2738,8 @@ window_copy_cmd_refresh_from_pane(struct window_copy_cmd_state *cs)
if (data->viewmode)
return (WINDOW_COPY_CMD_NOTHING);
if (data->oy > screen_hsize(data->backing))
data->oy = screen_hsize(data->backing);
oy_from_top = screen_hsize(data->backing) - data->oy;
screen_free(data->backing);