commit b28bbee539625f9bcbf128e8da400d1d55b499ff
parent f82219c490a5a2bec749f4811f5e8ef95ec20b95
Author: Gabriel Ford <gabe@fordltc.net>
Date: Thu, 29 May 2025 14:29:16 -0400
fix(terminal): skip setting `string_initial` to false on no-op (#34176)
Problem:
Currently undefined behavior can occur when `string_fragment()` is
called with `OSC_COMMAND`. This is because when the state changes to
`OSC_COMMAND`, `string_initial` is set to true. Then in some cases,
directly after this `string_initial` will be set back to false before
the on_osc callback is called, this leads to `term_settermprop()` never
initializing the title.
Solution:
In all of the no-op cases in `string_fragment()` currently, we continue
to the end of the function where `vt->parser.string_initial` is set to
false. This change returns in the no-op cases instead since in these
cases the string has not yet been terminated and sent to the callback.
Note:
This change also adds a test with a byte sequence from the file
in #34028 that caused nvim to crash. This byte sequences is the shortest
sequence I could trim down from that file that still would trigger the
crash. There are also two other tests I added which validate that
setting the title with OSC-0 and OSC-2 still works.
Fixes: #34028
Diffstat:
2 files changed, 49 insertions(+), 1 deletion(-)
diff --git a/src/nvim/vterm/parser.c b/src/nvim/vterm/parser.c
@@ -122,7 +122,7 @@ static void string_fragment(VTerm *vt, const char *str, size_t len, bool final)
case CSI_INTERMED:
case OSC_COMMAND:
case DCS_COMMAND:
- break;
+ return;
}
vt->parser.string_initial = false;
diff --git a/test/functional/terminal/parser_spec.lua b/test/functional/terminal/parser_spec.lua
@@ -4,6 +4,10 @@ local clear = n.clear
local api = n.api
local assert_alive = n.assert_alive
+local OSC_PREFIX = string.char(0x1b, 0x5d)
+local BEL = string.char(0x07)
+local NUL = string.char(0x00)
+
describe(':terminal', function()
before_each(clear)
@@ -12,4 +16,48 @@ describe(':terminal', function()
api.nvim_chan_send(chan, '\027]8;;https://example.com\027\\Example\027]8;;\027\n')
assert_alive()
end)
+
+ it('handles OSC-2 title setting', function()
+ -- OSC-2 should set title.
+ local chan = api.nvim_open_term(0, {})
+ local input = OSC_PREFIX .. '2;This title set with OSC 2' .. BEL
+ api.nvim_chan_send(chan, input)
+ --- @type string
+ local term_title = api.nvim_buf_get_var(0, 'term_title')
+ assert.Equal(term_title, 'This title set with OSC 2')
+ assert_alive()
+ end)
+
+ it('handles OSC-0 title and icon setting', function()
+ -- OSC-0 should set title and icon name to the same string. We currently ignore the icon name,
+ -- but the title should still be reflected.
+ local chan = api.nvim_open_term(0, {})
+ local input = OSC_PREFIX .. '0;This title set with OSC 0' .. BEL
+ api.nvim_chan_send(chan, input)
+ --- @type string
+ local term_title = api.nvim_buf_get_var(0, 'term_title')
+ assert.Equal(term_title, 'This title set with OSC 0')
+ assert_alive()
+ end)
+
+ it('handles control character following OSC prefix #34028', function()
+ local chan = api.nvim_open_term(0, {})
+ -- In order to test for the crash found in #34028 we need a ctrl char following the OSC_PREFIX
+ -- which causes `string_fragment()` to be called while in OSC_COMMAND mode, this caused
+ -- initial_string to be flipped back to false. At the end we need two more non-BEL control
+ -- characters, one to write into the 1 byte buffer, then another to trigger the callback one
+ -- more time so that realloc notices that it's internal data has been overwritten.
+ local input = OSC_PREFIX .. NUL .. '0;aaaaaaaaaaaaaaaaaaaaaaaaaaa' .. NUL .. NUL
+ api.nvim_chan_send(chan, input)
+ assert_alive()
+
+ -- On some platforms such as MacOS we need a longer string to reproduce the crash from #34028.
+ input = OSC_PREFIX .. NUL .. '0;'
+ for _ = 1, 256 do
+ input = input .. 'a'
+ end
+ input = input .. NUL .. NUL
+ api.nvim_chan_send(chan, input)
+ assert_alive()
+ end)
end)
