Fix a slew of possible int vs u_int bugs which would likely have caused an overflow crash.

2026-03-26 21:26:25 +00:00 · 2026-03-18 13:04:21 +00:00
parent 0d195698f8
commit 7e6bbc63ab
10 changed files with 155 additions and 133 deletions
--- a/server-client.c
+++ b/server-client.c
@@ -617,8 +617,8 @@ server_client_check_mouse_in_pane(struct window_pane *wp, u_int px, u_int py,
 	struct options		*wo = w->options;
 	struct window_pane	*fwp;
 	int			 pane_status, sb, sb_pos, sb_w, sb_pad;
-	u_int			 pane_status_line, sl_top, sl_bottom;
-	u_int			 bdr_bottom, bdr_top, bdr_left, bdr_right;
+	int			 pane_status_line, sl_top, sl_bottom;
+	int			 bdr_bottom, bdr_top, bdr_left, bdr_right;

 	sb = options_get_number(wo, "pane-scrollbars");
 	sb_pos = options_get_number(wo, "pane-scrollbars-position");
@@ -641,29 +641,30 @@ server_client_check_mouse_in_pane(struct window_pane *wp, u_int px, u_int py,

 	/* Check if point is within the pane or scrollbar. */
 	if (((pane_status != PANE_STATUS_OFF &&
-      py != pane_status_line && py != wp->yoff + wp->sy) ||
+      (int)py != pane_status_line && (int)py != wp->yoff + (int)wp->sy) ||
 	    (wp->yoff == 0 && py < wp->sy) ||
-	    ((int)py >= wp->yoff && py < wp->yoff + wp->sy)) &&
+	    ((int)py >= wp->yoff && (int)py < wp->yoff + (int)wp->sy)) &&
 	    ((sb_pos == PANE_SCROLLBARS_RIGHT &&
-	    px < wp->xoff + wp->sx + sb_pad + sb_w) ||
+	    (int)px < wp->xoff + (int)wp->sx + sb_pad + sb_w) ||
 	    (sb_pos == PANE_SCROLLBARS_LEFT &&
-	    px < wp->xoff + wp->sx - sb_pad - sb_w))) {
+	    (int)px < wp->xoff + (int)wp->sx - sb_pad - sb_w))) {
 		/* Check if in the scrollbar. */
 		if ((sb_pos == PANE_SCROLLBARS_RIGHT &&
-		    (px >= wp->xoff + wp->sx + sb_pad &&
-		    px < wp->xoff + wp->sx + sb_pad + sb_w)) ||
+		    ((int)px >= wp->xoff + (int)wp->sx + sb_pad &&
+		    (int)px < wp->xoff + (int)wp->sx + sb_pad + sb_w)) ||
 		    (sb_pos == PANE_SCROLLBARS_LEFT &&
 		    ((int)px >= wp->xoff - sb_pad - sb_w &&
 		    (int)px < wp->xoff - sb_pad))) {
 			/* Check where inside the scrollbar. */
-			sl_top = wp->yoff + wp->sb_slider_y;
-			sl_bottom = (wp->yoff + wp->sb_slider_y +
-			    wp->sb_slider_h - 1);
-			if (py < sl_top)
+			sl_top = wp->yoff + (int)wp->sb_slider_y;
+			sl_bottom = wp->yoff + (int)wp->sb_slider_y +
+			    (int)wp->sb_slider_h - 1;
+			if ((int)py < sl_top)
 				return (SCROLLBAR_UP);
-			else if (py >= sl_top &&
-				 py <= sl_bottom) {
-				*sl_mpos = (py - wp->sb_slider_y - wp->yoff);
+			else if ((int)py >= sl_top &&
+				 (int)py <= sl_bottom) {
+				*sl_mpos = ((int)py - (int)wp->sb_slider_y -
+				    wp->yoff);
 				return (SCROLLBAR_SLIDER);
 			} else /* py > sl_bottom */
 				return (SCROLLBAR_DOWN);
@@ -681,28 +682,31 @@ server_client_check_mouse_in_pane(struct window_pane *wp, u_int px, u_int py,
 		/* Try the pane borders if not zoomed. */
 		TAILQ_FOREACH(fwp, &w->panes, entry) {
 			if (sb_pos == PANE_SCROLLBARS_LEFT)
-				bdr_right = fwp->xoff + fwp->sx;
+				bdr_right = fwp->xoff + (int)fwp->sx;
 			else
 				/* PANE_SCROLLBARS_RIGHT or none. */
-				bdr_right = fwp->xoff + fwp->sx + sb_pad + sb_w;
-			if ((int)py >= fwp->yoff - 1 && py <= fwp->yoff + fwp->sy) {
-				if (px ==  bdr_right)
+				bdr_right = fwp->xoff + (int)fwp->sx +
+				    sb_pad + sb_w;
+			if ((int)py >= fwp->yoff - 1 &&
+			    (int)py <= fwp->yoff + (int)fwp->sy) {
+				if ((int)px == bdr_right)
 					break;
 				if (wp->flags & PANE_FLOATING) {
 					/* Floating pane, check if left border. */
 					bdr_left = fwp->xoff - 1;
-					if (px == bdr_left)
+					if ((int)px == bdr_left)
 						break;
 				}
 			}
-			if ((int)px >= fwp->xoff - 1 && px <= fwp->xoff + fwp->sx) {
-				bdr_bottom = fwp->yoff + fwp->sy;
-				if (py == bdr_bottom)
+			if ((int)px >= fwp->xoff - 1 &&
+			    (int)px <= fwp->xoff + (int)fwp->sx) {
+				bdr_bottom = fwp->yoff + (int)fwp->sy;
+				if ((int)py == bdr_bottom)
 					break;
 				if (wp->flags & PANE_FLOATING) {
 					/* Floating pane, check if top border. */
 					bdr_top = fwp->yoff - 1;
-					if (py == bdr_top)
+					if ((int)py == bdr_top)
 						break;
 				}
 			}
@@ -3088,12 +3092,14 @@ server_client_reset_state(struct client *c)
 	} else if (wp != NULL && c->overlay_draw == NULL) {
 		cursor = 0;
 		tty_window_offset(tty, &ox, &oy, &sx, &sy);
-		if (wp->xoff + s->cx >= ox && wp->xoff + s->cx <= ox + sx &&
-		    wp->yoff + s->cy >= oy && wp->yoff + s->cy <= oy + sy) {
+		if (wp->xoff + (int)s->cx >= (int)ox &&
+		    wp->xoff + (int)s->cx <= (int)ox + (int)sx &&
+		    wp->yoff + (int)s->cy >= (int)oy &&
+		    wp->yoff + (int)s->cy <= (int)oy + (int)sy) {
 			cursor = 1;

-			cx = wp->xoff + s->cx - ox;
-			cy = wp->yoff + s->cy - oy;
+			cx = (u_int)(wp->xoff + (int)s->cx - (int)ox);
+			cy = (u_int)(wp->yoff + (int)s->cy - (int)oy);

 			if (status_at_line(c) == 0)
 				cy += status_line_size(c);