File _service:obs_scm:0001-fix-CVE-2024-37535.patch of Package vte291

From b6a976254b95f728ba17b369b387c19b26890141 Mon Sep 17 00:00:00 2001
From: Christian Persch <Christian Persch@chpe>
Date: Tue, 11 Jun 2024 02:59:02 +0000
Subject: [PATCH] fix CVE-2024-37535

---
 src/vtegtk.cc | 35 +++++++++++++++++++++++++++++++++++
 src/vteseq.cc | 20 ++++++++++++--------
 2 files changed, 47 insertions(+), 8 deletions(-)

diff --git a/src/vtegtk.cc b/src/vtegtk.cc
index 0457b2b..2f7c77b 100644
--- a/src/vtegtk.cc
+++ b/src/vtegtk.cc
@@ -91,6 +91,38 @@
 template<typename T>
 constexpr bool check_enum_value(T value) noexcept;
 
+static inline void
+sanitise_widget_size_request(int* minimum,
+                             int* natural) noexcept
+{
+        // Overly large size requests will make gtk happily allocate
+        // a window size over the window system's limits (see
+        // e.g. https://gitlab.gnome.org/GNOME/vte/-/issues/2786),
+        // leading to aborting the whole process.
+        // The toolkit should be in a better position to know about
+        // these limits and not exceed them (which here is certainly
+        // possible since our minimum sizes are very small), let's
+        // limit the widget's size request to some large value
+        // that hopefully is within the absolute limits of
+        // the window system (assumed here to be int16 range,
+        // and leaving some space for the widgets that contain
+        // the terminal).
+        auto const limit = (1 << 15) - (1 << 12);
+
+        if (*minimum > limit || *natural > limit) {
+                static auto warned = false;
+
+                if (!warned) {
+                        g_warning("Widget size request (minimum %d, natural %d) exceeds limits\n",
+                                  *minimum, *natural);
+                        warned = true;
+                }
+        }
+
+        *minimum = std::min(*minimum, limit);
+        *natural = std::clamp(*natural, *minimum, limit);
+}
+
 struct _VteTerminalClassPrivate {
         GtkStyleProvider *style_provider;
 };
@@ -485,6 +517,7 @@ try
 {
 	VteTerminal *terminal = VTE_TERMINAL(widget);
         WIDGET(terminal)->get_preferred_width(minimum_width, natural_width);
+	sanitise_widget_size_request(minimum_width, natural_width);
 }
 catch (...)
 {
@@ -499,6 +532,7 @@ try
 {
 	VteTerminal *terminal = VTE_TERMINAL(widget);
         WIDGET(terminal)->get_preferred_height(minimum_height, natural_height);
+	sanitise_widget_size_request(minimum_height, natural_height);
 }
 catch (...)
 {
@@ -736,6 +770,7 @@ try
         WIDGET(terminal)->measure(orientation, for_size,
                                   minimum, natural,
                                   minimum_baseline, natural_baseline);
+	sanitise_widget_size_request(minimum, natural);
 }
 catch (...)
 {
diff --git a/src/vteseq.cc b/src/vteseq.cc
index 8a7f5b3..7c0e227 100644
--- a/src/vteseq.cc
+++ b/src/vteseq.cc
@@ -214,9 +214,18 @@ Terminal::emit_bell()
 /* Emit a "resize-window" signal.  (Grid size.) */
 void
 Terminal::emit_resize_window(guint columns,
-                                       guint rows)
-{
-        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window'.\n");
+                             guint rows)
+{
+        // Ignore resizes with excessive number of rows or columns,
+        // see https://gitlab.gnome.org/GNOME/vte/-/issues/2786
+        if (columns < VTE_MIN_GRID_WIDTH ||
+            columns > 511 ||
+            rows < VTE_MIN_GRID_HEIGHT ||
+            rows > 511)
+                return;
+
+        _vte_debug_print(VTE_DEBUG_SIGNALS, "Emitting `resize-window' %d columns %d rows.\n",
+                         columns, rows);
         g_signal_emit(m_terminal, signals[SIGNAL_RESIZE_WINDOW], 0, columns, rows);
 }
 
@@ -4581,8 +4590,6 @@ Terminal::DECSLPP(vte::parser::Sequence const& seq)
         else if (param < 24)
                 return;
 
-        _vte_debug_print(VTE_DEBUG_EMULATION, "Resizing to %d rows.\n", param);
-
         emit_resize_window(m_column_count, param);
 }
 
@@ -9044,9 +9051,6 @@ Terminal::XTERM_WM(vte::parser::Sequence const& seq)
                 seq.collect(1, {&height, &width});
 
                 if (width != -1 && height != -1) {
-                        _vte_debug_print(VTE_DEBUG_EMULATION,
-                                         "Resizing window to %d columns, %d rows.\n",
-                                         width, height);
                         emit_resize_window(width, height);
                 }
                 break;
-- 
2.43.0