Fix a slew of possible int vs u_int bugs which would likely have caused an overflow crash.

2026-03-26 13:16:37 +00:00 · 2026-03-18 13:04:21 +00:00
parent 0d195698f8
commit 7e6bbc63ab
10 changed files with 155 additions and 133 deletions
--- a/window.c
+++ b/window.c
@@ -71,7 +71,7 @@ static struct window_pane *window_pane_create(struct window *, u_int, u_int,
 		    u_int);
 static void	window_pane_destroy(struct window_pane *);
 static void	window_pane_full_size_offset(struct window_pane *wp,
-		    u_int *xoff, u_int *yoff, u_int *sx, u_int *sy);
+		    int *xoff, int *yoff, u_int *sx, u_int *sy);

 RB_GENERATE(windows, window, entry, window_cmp);
 RB_GENERATE(winlinks, winlink, entry, winlink_cmp);
@@ -1469,7 +1469,7 @@ window_pane_choose_best(struct window_pane **list, u_int size)
 * scrollbars if they were visible but not including the border(s).
 */
 static void
-window_pane_full_size_offset(struct window_pane *wp, u_int *xoff, u_int *yoff,
+window_pane_full_size_offset(struct window_pane *wp, int *xoff, int *yoff,
    u_int *sx, u_int *sy)
 {
 	struct window		*w = wp->window;
@@ -1503,9 +1503,11 @@ window_pane_find_up(struct window_pane *wp)
 {
 	struct window		*w;
 	struct window_pane	*next, *best, **list;
-	u_int			 edge, left, right, end, size;
+	int			 edge, left, right, end;
+	u_int			 size;
 	int			 status, found;
-	u_int			 xoff, yoff, sx, sy;
+	int			 xoff, yoff;
+	u_int			 sx, sy;

 	if (wp == NULL)
 		return (NULL);
@@ -1520,25 +1522,25 @@ window_pane_find_up(struct window_pane *wp)
 	edge = yoff;
 	if (status == PANE_STATUS_TOP) {
 		if (edge == 1)
-			edge = w->sy + 1;
+			edge = (int)w->sy + 1;
 	} else if (status == PANE_STATUS_BOTTOM) {
 		if (edge == 0)
-			edge = w->sy;
+			edge = (int)w->sy;
 	} else {
 		if (edge == 0)
-			edge = w->sy + 1;
+			edge = (int)w->sy + 1;
 	}

 	left = xoff;
-	right = xoff + sx;
+	right = xoff + (int)sx;

 	TAILQ_FOREACH(next, &w->panes, entry) {
 		window_pane_full_size_offset(next, &xoff, &yoff, &sx, &sy);
 		if (next == wp)
 			continue;
-		if (yoff + sy + 1 != edge)
+		if (yoff + (int)sy + 1 != edge)
 			continue;
-		end = xoff + sx - 1;
+		end = xoff + (int)sx - 1;

 		found = 0;
 		if (xoff < left && end > right)
@@ -1564,9 +1566,11 @@ window_pane_find_down(struct window_pane *wp)
 {
 	struct window		*w;
 	struct window_pane	*next, *best, **list;
-	u_int			 edge, left, right, end, size;
+	int			 edge, left, right, end;
+	u_int			 size;
 	int			 status, found;
-	u_int			 xoff, yoff, sx, sy;
+	int			 xoff, yoff;
+	u_int			 sx, sy;

 	if (wp == NULL)
 		return (NULL);
@@ -1578,20 +1582,20 @@ window_pane_find_down(struct window_pane *wp)

 	window_pane_full_size_offset(wp, &xoff, &yoff, &sx, &sy);

-	edge = yoff + sy + 1;
+	edge = yoff + (int)sy + 1;
 	if (status == PANE_STATUS_TOP) {
-		if (edge >= w->sy)
+		if (edge >= (int)w->sy)
 			edge = 1;
 	} else if (status == PANE_STATUS_BOTTOM) {
-		if (edge >= w->sy - 1)
+		if (edge >= (int)w->sy - 1)
 			edge = 0;
 	} else {
-		if (edge >= w->sy)
+		if (edge >= (int)w->sy)
 			edge = 0;
 	}

 	left = wp->xoff;
-	right = wp->xoff + wp->sx;
+	right = wp->xoff + (int)wp->sx;

 	TAILQ_FOREACH(next, &w->panes, entry) {
 		window_pane_full_size_offset(next, &xoff, &yoff, &sx, &sy);
@@ -1599,7 +1603,7 @@ window_pane_find_down(struct window_pane *wp)
 			continue;
 		if (yoff != edge)
 			continue;
-		end = xoff + sx - 1;
+		end = xoff + (int)sx - 1;

 		found = 0;
 		if (xoff < left && end > right)
@@ -1625,9 +1629,11 @@ window_pane_find_left(struct window_pane *wp)
 {
 	struct window		*w;
 	struct window_pane	*next, *best, **list;
-	u_int			 edge, top, bottom, end, size;
+	int			 edge, top, bottom, end;
+	u_int			 size;
 	int			 found;
-	u_int			 xoff, yoff, sx, sy;
+	int			 xoff, yoff;
+	u_int			 sx, sy;

 	if (wp == NULL)
 		return (NULL);
@@ -1640,18 +1646,18 @@ window_pane_find_left(struct window_pane *wp)

 	edge = xoff;
 	if (edge == 0)
-		edge = w->sx + 1;
+		edge = (int)w->sx + 1;

 	top = yoff;
-	bottom = yoff + sy;
+	bottom = yoff + (int)sy;

 	TAILQ_FOREACH(next, &w->panes, entry) {
 		window_pane_full_size_offset(next, &xoff, &yoff, &sx, &sy);
 		if (next == wp)
 			continue;
-		if (xoff + sx + 1 != edge)
+		if (xoff + (int)sx + 1 != edge)
 			continue;
-		end = yoff + sy - 1;
+		end = yoff + (int)sy - 1;

 		found = 0;
 		if (yoff < top && end > bottom)
@@ -1677,9 +1683,11 @@ window_pane_find_right(struct window_pane *wp)
 {
 	struct window		*w;
 	struct window_pane	*next, *best, **list;
-	u_int			 edge, top, bottom, end, size;
+	int			 edge, top, bottom, end;
+	u_int			 size;
 	int			 found;
-	u_int			 xoff, yoff, sx, sy;
+	int			 xoff, yoff;
+	u_int			 sx, sy;

 	if (wp == NULL)
 		return (NULL);
@@ -1690,12 +1698,12 @@ window_pane_find_right(struct window_pane *wp)

 	window_pane_full_size_offset(wp, &xoff, &yoff, &sx, &sy);

-	edge = xoff + sx + 1;
-	if (edge >= w->sx)
+	edge = xoff + (int)sx + 1;
+	if (edge >= (int)w->sx)
 		edge = 0;

 	top = wp->yoff;
-	bottom = wp->yoff + wp->sy;
+	bottom = wp->yoff + (int)wp->sy;

 	TAILQ_FOREACH(next, &w->panes, entry) {
 		window_pane_full_size_offset(next, &xoff, &yoff, &sx, &sy);
@@ -1703,7 +1711,7 @@ window_pane_find_right(struct window_pane *wp)
 			continue;
 		if (xoff != edge)
 			continue;
-		end = yoff + sy - 1;
+		end = yoff + (int)sy - 1;

 		found = 0;
 		if (yoff < top && end > bottom)