From 7f6f1f9a5dac301b9f977e0d1a53c487c5cad9aa Mon Sep 17 00:00:00 2001 From: Kovid Goyal Date: Sun, 28 May 2023 06:24:49 +0530 Subject: [PATCH] Fix a regression in 0.28.0 that caused a buffer overflow when clearing the screen Fixes #6306 Fixes #6308 --- docs/changelog.rst | 2 ++ kitty/screen.c | 3 ++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/changelog.rst b/docs/changelog.rst index b8c9a049e8..12f9806fa2 100644 --- a/docs/changelog.rst +++ b/docs/changelog.rst @@ -71,6 +71,8 @@ Detailed list of changes - Graphics: Move images up along with text when the window is shrunk vertically (:iss:`6278`) +- Fix a regression in 0.28.0 that caused a buffer overflow when clearing the screen (:iss:`6306`, :pull:`6308`) + 0.28.1 [2023-04-21] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/kitty/screen.c b/kitty/screen.c index ffa0e9f94d..a73e4084e3 100644 --- a/kitty/screen.c +++ b/kitty/screen.c @@ -894,7 +894,8 @@ cursor_within_margins(Screen *self) { static void screen_dirty_line_graphics(Screen *self, unsigned int top, unsigned int bottom) { bool need_to_remove = false; - for (unsigned int y = top; y <= bottom; y++) { + bottom = MIN(bottom+1, self->lines); + for (unsigned int y = top; y < bottom; y++) { if (self->linebuf->line_attrs[y].has_image_placeholders) { need_to_remove = true; linebuf_mark_line_dirty(self->linebuf, y);