From 0e6e9db7a41e2a921cda26d31664020cc1e1eb46 Mon Sep 17 00:00:00 2001
From: deuce <>
Date: Sat, 10 Feb 2018 21:30:24 +0000
Subject: [PATCH] Fix some font bounds checking issues, and add APC callback
 support.

---
 src/conio/cterm.c | 10 +++++++++-
 src/conio/cterm.h |  4 ++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/src/conio/cterm.c b/src/conio/cterm.c
index d3a69db74f..780f820819 100644
--- a/src/conio/cterm.c
+++ b/src/conio/cterm.c
@@ -2655,12 +2655,20 @@ static void do_ansi(struct cterminal *cterm, char *retbuf, size_t retsize, int *
 				cterm->strbuf[cterm->strbuflen] = 0;
 			}
 			switch (cterm->string) {
+				case CTERM_STRING_APC:
+					if (cterm->apc_handler)
+						cterm->apc_handler(cterm->strbuf, cterm->strbuflen, cterm->apc_handler_data);
+					break;
 				case CTERM_STRING_DCS:
 					if (cterm->sixel == SIXEL_STARTED)
 						parse_sixel_string(cterm, true);
 					else {
 						if (strncmp(cterm->strbuf, "CTerm:Font:", 11) == 0) {
 							cterm->font_slot = strtoul(cterm->strbuf+11, &p, 10);
+							if(cterm->font_slot < CONIO_FIRST_FREE_FONT)
+								break;
+							if (cterm->font_slot > 255)
+								break;
 							if (p && *p == ':') {
 								p++;
 								i = b64_decode(cterm->fontbuf, sizeof(cterm->fontbuf), p, 0);
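Review bot: In the `CTerm:Font:` branch the two new range checks test `cterm->font_slot` only after the `strtoul()` result has been stored in it. The field's declaration is not in this hunk, but if it is narrower than `unsigned long`, an oversized number from the DCS string could be truncated into the accepted range before it is tested. A rejected value also stays in `cterm->font_slot` after the `break`, so later code has to re-check it. Parsing into a local and assigning only after validation avoids both: `unsigned long slot = strtoul(cterm->strbuf+11, &p, 10);`, `if (slot < CONIO_FIRST_FREE_FONT || slot > 255) break;`, `cterm->font_slot = slot;`. The body of do_ansi starts and ends outside this hunk, so how `font_slot` is reset elsewhere cannot be seen here.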
@@ -3263,7 +3271,7 @@ CIOLIBEXPORT char* CIOLIBCALL cterm_write(struct cterminal * cterm, const void *
 
 						if((buf2=(char *)malloc(cterm->font_size))!=NULL) {
 							memcpy(buf2,cterm->fontbuf,cterm->font_size);
-							if(cterm->font_slot >= CONIO_FIRST_FREE_FONT) {
+							if(cterm->font_slot >= CONIO_FIRST_FREE_FONT && cterm->font_slot < 256) {
 								switch(cterm->font_size) {
 									case 4096:
 										FREE_AND_NULL(conio_fontdata[cterm->font_slot].eight_by_sixteen);
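Review bot: The upper bound `256` in the new condition is a bare literal that must stay in step with both the `> 255` test added in do_ansi and the real length of `conio_fontdata`, which is not declared in this hunk. If `conio_fontdata` is a sized array in scope, deriving the limit from it keeps the index check tied to the object it protects, e.g. `cterm->font_slot < sizeof(conio_fontdata) / sizeof(conio_fontdata[0])`. Otherwise a single named constant shared by both checks would do the same job. The rest of cterm_write is outside the hunk, so what happens to `buf2` when the guard fails cannot be seen here and is worth confirming.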
diff --git a/src/conio/cterm.h b/src/conio/cterm.h
index a745d500e6..f4131421e9 100644
--- a/src/conio/cterm.h
+++ b/src/conio/cterm.h
@@ -177,6 +177,10 @@ struct cterminal {
 	uint8_t				*sx_mask;
 	int					sx_orig_cursor;	// Original value of cterm->cursor
 
+	/* APC Handler */
+	void				(*apc_handler)(char *strbuf, size_t strlen, void *cbdata);
+	void				*apc_handler_data;
+
 	/* conio function pointers */
 #ifdef CTERM_WITHOUT_CONIO
 	void	(*ciolib_gotoxy)		(struct cterminal *,int,int);
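Review bot: The new `apc_handler` member is documented only as `/* APC Handler */`, yet the call site added in do_ansi passes it `cterm->strbuf`, which holds bytes taken from the stream being rendered. If it matches the intended lifetime, a comment such as `/* Called when an APC string ends; strbuf belongs to cterm, is valid only during the call, and holds unvalidated data from the stream */` would tell implementers to treat the contents as untrusted and to copy what they keep. The parameter name `strlen` shadows the standard library function inside the prototype; `strbuflen` would match the field that is passed. Whether `strbuf` is always NUL-terminated at `strbuflen` depends on a conditional that starts above the first hunk, so the comment should state that guarantee only once it is confirmed.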
-- 
GitLab