Commit Graph

848 Commits

Author SHA1 Message Date
Tommi Hirvola
95f22c5305 set upper limit for REP escape sequence argument
Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times,
making st unresponsive. This commit allows repeating the last character
at most 65535 times in order to prevent freezing and DoS attacks.
2024-03-04 23:50:58 +01:00
Quentin Rameau
7473a8d1a5 Fix cursor move with wide glyphs
st would always move back 1 column,
even with wide glyhps (using more than a single column).

The glyph rune is set on its first column,
and the other ones are to 0,
so loop until we detect the start of the previous glyph.
2024-02-25 11:56:43 +01:00
Tim Culverhouse
a3f7420310 csi: check for private marker in 'S' case
The handler for 'S' final character does not check for a private
marker. This can cause a conflict with a sequence called 'XTSMGRAPHICS'
which also has an 'S' final character, but uses the private marker '?'.
Without checking for a private marker, st will perform a scroll up
operation when XTSMGRAPHICS is seen, which can cause unexpected display
artifacts.
2024-02-18 16:14:26 +01:00
Peter Hofmann
559fdc2786 Unhide cursor on RIS (\033c)
It is unclear if it's "required" to do this on RIS, but it's useful when
calling reset(1) after interactive programs have crashed and garbled up
the screen.

FWIW, other terminals do it as well (tested with XTerm, VTE, Kitty,
Alacritty, Linux VT).
2023-10-07 12:16:59 +02:00
Peter Hofmann
8abe4bcb41 Fix wide glyphs breaking "nowrap" mode
Consider the following example:

    printf '\e[?7l';\
    for i in $(seq $(($(tput cols) - 1))); do printf a; done;\
    printf '🙈\n';\
    printf '\e[?7h'

Even though MODE_WRAP has been disabled, the emoji appeared on the next
line. This patch keeps wide glyphs on the same line and moves them to
the right-most possible position.
2023-10-07 12:16:59 +02:00
Peter Hofmann
2fc7e532b2 Don't scroll selection on the other screen
Fixes garbage selections when switching to/from the alternate screen.

How to reproduce:

-   Be in primary screen.
-   Select something.
-   Run this (switches to alternate screen, positions the cursor at the
    bottom, triggers selscroll(), and then goes back to primary screen):

        tput smcup; tput cup $(tput lines) 0; echo foo; tput rmcup

-   Notice how the (visual) selection now covers a different line.

The reason is that selscroll() calls selnormalize() and that cannot find
the original range anymore. It's all empty lines now, so it snaps to
"select the whole line".
2023-10-07 12:16:59 +02:00
Shi Tian
3a6d6d7401 Fix for wide character being incorrectly cleared on MODE_INSERT
Under insert mode, when inserting a normal character in front of
a wide character, the affected region is shifted to the right by
one cell. However, the empty cell is reset as if being a part of a
wide character, causing the following cell being mishandled as a
dummy cell.
To reproduce the bug:
	printf '\033[4h' # set MODE_INSERT
	printf 妳好
	printf '\033[4D'
	printf 'x'
	printf '\033[4l\n'
2023-06-25 11:59:06 +02:00
Hiltjo Posthuma
211964d56e ignore C1 control characters in UTF-8 mode
Ignore processing and printing C1 control characters in UTF-8 mode.
These are in the range: 0x80 - 0x9f.

By default in st the mode is set to UTF-8.

This matches more the behaviour of xterm with the options -u8 or +u8 also.
Also see the xterm resource "allowC1Printable".

Let me know if this breaks something, in most cases I don't think so.

As usual a very good reference is:
https://invisible-island.net/xterm/ctlseqs/ctlseqs.html
2023-02-07 20:00:59 +01:00
Adam Price
f17abd25b3 Add support for DSR response "OK" escape sequence
"VT100 defines an escape sequence [1] called Device Status Report (DSR). When
the DSR sequence received is `csi 5n`, an "OK" response `csi 0n` is returned.
This patch adds that "OK" response.

I encountered this missing sequence when I noticed that fzf [2] would clobber
my prompt whenever completing a find.

To test that ST doesn't currently respond to `csi 5n`, use fzf's shell
extension in ST's repo to complete the path for a file.

    my-fancy-prompt $ vim **<tab>
    <select a file>
    st.c

Select a file with <enter>, and notice that fzf clobbers some or all of your
prompt.

After applying this patch, do the same test as above and notice that fzf has no
longer clobbered your prompt by placing the file name in the correct position
in your command.

    my-fancy-prompt $ vim **<tab>
    <select a file>
    my-fancy prompt $ vim st.c

Thank you for considering my first patch submission.

[1] https://www.xfree86.org/current/ctlseqs.html#VT100%20Mode
[2] https://github.com/junegunn/fzf
"

Patch slightly adapted with input from the mailinglist,
2023-02-07 19:57:34 +01:00
Hiltjo Posthuma
7e8050cc62 Fixed OSC color reset without parameter->resets all colors
Adapted from (garbled) patch by wim <wim@thinkerwim.org>

Additional notes: it should reset all the colors using xloadcols().
To reproduce: set a different (theme) color using some escape code, then reset
it:

	printf '\x1b]104\x07'
2023-02-05 13:29:35 +01:00
Tom Schwindl
72fd32736a st: use `void' to indicate an empty parameter list 2022-08-18 17:14:10 +02:00
NRK
8629d9a1da code-golfing: cleanup osc color related code
* adds missing function prototype
* move xgetcolor() prototype to win.h (that's where all the other x.c
  func prototype seems to be declared at)
* check for snprintf error/truncation
* reduces code duplication for osc 10/11/12
* unify osc_color_response() and osc4_color_response() into a single function

the latter two was suggested by Quentin Rameau in his patch review on
the hackers list.
2022-04-19 11:43:37 +02:00
NRK
ef0551932f base64_digits: reduce scope, implicit zero, +1 size
the array is not accessed outside of base64dec() so it makes sense to
limit it's scope to the related function. the static-storage duration of
the array is kept intact.

this also removes unnecessary explicit zeroing from the start and end of
the array. anything that wasn't explicitly zero-ed will now be
implicitly zero-ed instead.

the validity of the new array can be easily confirmed via running this
trivial loop:

	for (int i = 0; i < 255; ++i)
		assert(base64_digits[i] == base64_digits_old[i]);

lastly, as pointed out by Roberto, the array needs to have 256 elements
in order to able access it as any unsigned char as an index; the
previous array had 255.

however, this array will only be accessed at indexes which are
isprint() || '=' (see `base64dec_getc()`), so reducing the size of the
array to the highest printable ascii char (127 AFAIK) + 1 might also be
a valid strategy.
2022-03-18 12:20:27 +01:00
NRK
af3bb68add avoid potential UB when using isprint()
all the ctype.h functions' argument must be representable as an unsigned
char or as EOF, otherwise the behavior is undefined.
2022-03-18 12:11:27 +01:00
Santtu Lakkala
e823e2308f Delay redrawals on palette changes
Build on auto-sync and only mark window dirty on palette changes and let
the event handler do the actual draw.
2022-02-18 13:03:37 +01:00
jamin
65f1dc4283 Fix overtyping wide characters.
Overtyping the first half of a wide character with the
second half of a wide character results in display garbage.
This is because the trailing dummy is not cleaned up.

i.e.  ATTR_WIDE, ATTR_WDUMMY, ATTR_WDUMMY

Here is a short script for demonstrating the behavior:

	#!/bin/sh
	alias printf=/usr/bin/printf
	printf こんにちは!; sleep 2
	printf '\x1b[5D'; sleep 2
	printf へ; sleep 2
	printf ' '; sleep 2
	echo
2021-12-30 18:37:17 +01:00
Jochen Sprickerhof
a0467c802d Fix null pointer access in strhandle
According to the spec the argument is optional for 104, so p can be
NULL as can be tested with printf '\x1b]104\x07'. This is a regression
of 8e31030.
2021-12-27 13:07:11 +01:00
Hiltjo Posthuma
273db5ceaf follow-up fix for OSC color sequences, return
Otherwise the message "erresc: unknown str" is printed.
2021-12-26 19:00:41 +01:00
Raheman Vaiya
8e31030390 Add support for OSC color sequences 2021-12-26 18:57:44 +01:00
Koichi Murase
1d3142da96 fix a problem that the standard streams are unexpectedly closed
In the current implementation, the slave PTY (assigned to the variable
`s') is always closed after duplicating it to file descriptors of
standard streams (0, 1, and 2).  However, when the allocated slave PTY
`s' is already one of 0, 1, or 2, this causes unexpected closing of a
standard stream.  The same problem occurs when the file descriptor of
the master PTY (the variable `m') is one of 0, 1, or 2.

In this patch, the original master PTY (m) is closed before it would
be overwritten by duplicated slave PTYs.  The original slave PTY (s)
is closed only when it is not one of the stanrad streams.
2021-08-24 13:30:11 +02:00
Markus F.X.J. Oberhumer
4536f46cff Mild const-correctness improvements.
Only touch a few things, the main focus is to
improve code readability.
2021-05-06 18:21:10 +02:00
Hiltjo Posthuma
4ef0cbd8b9 remove unused variable from previous patch 2020-10-18 11:18:03 +02:00
John Collis
28b4c822c5 ST: Add WM_ICON_NAME property support
Also added _NET_WM_ICON_NAME.
2020-10-18 11:17:11 +02:00
Hiltjo Posthuma
f74a9df6e1 remove sixel stub code
Remove stub code that was used for an experiment of adding sixel code to st
from the commit f7398434.
2020-06-17 23:49:22 +02:00
Hiltjo Posthuma
818ec746f4 fix unicode glitch in DCS strings, patch by Tim Allen
Reported on the mailinglist:

"
I discovered recently that if an application running inside st tries to
send a DCS string, subsequent Unicode characters get messed up. For
example, consider the following test-case:

    printf '\303\277\033P\033\\\303\277'

...where:

  - \303\277 is the UTF-8 encoding of U+00FF LATIN SMALL LETTER Y WITH
    DIAERESIS (ÿ).
  - \033P is ESC P, the token that begins a DCS string.
  - \033\\ is ESC \, a token that ends a DCS string.
  - \303\277 is the same ÿ character again.

If I run the above command in a VTE-based terminal, or xterm, or
QTerminal, or pterm (PuTTY), I get the output:

    ÿÿ

...which is to say, the empty DCS string is ignored. However, if I run
that command inside st (as of commit 9ba7ecf), I get:

    ÿÿ

...where those last two characters are \303\277 interpreted as ISO8859-1
characters, instead of UTF-8.

I spent some time tracing through the state machines in st.c, and so far
as I can tell, this is how it works currently:

  - ESC P sets the "ESC_DCS" and "ESC_STR" flags, indicating that
    incoming bytes should be collected into the strescseq buffer, rather
    than being interpreted.
  - ESC \ sets the "ESC_STR_END" flag (when ESC is received), and then
    calls strhandle() (when \ is received) to interpret the collected
    bytes.
  - If the collected bytes begin with 'P' (i.e. if this was a DCS
    string) strhandle() sets the "ESC_DCS" flag again, confusing the
    state machine.

If my understanding is correct, fixing the problem should be as easy as
removing the line that sets ESC_DCS from strhandle():

diff --git a/st.c b/st.c
index ef8abd5..b5b805a 100644
--- a/st.c
+++ b/st.c
@@ -1897,7 +1897,6 @@ strhandle(void)
		xsettitle(strescseq.args[0]);
		return;
	case 'P': /* DCS -- Device Control String */
-		term.mode |= ESC_DCS;
	case '_': /* APC -- Application Program Command */
	case '^': /* PM -- Privacy Message */
		return;

I've tried the above patch and it fixes my problem, but I don't know if
it introduces any others.
"
2020-06-17 21:35:39 +02:00
Hiltjo Posthuma
a2a704492b config.def.h: add an option allowwindowops, by default off (secure)
Similar to the xterm AllowWindowOps option, this is an option to allow or
disallow certain (non-interactive) operations that can be insecure or
exploited.

NOTE: xsettitle() is not guarded by this because st does not support printing
the window title. Else this could be exploitable (arbitrary code execution).
Similar problems have been found in the past in other terminal emulators.

The sequence for base64-encoded clipboard copy is now guarded because it allows
a sequence written to the terminal to manipulate the clipboard of the running
user non-interactively, for example:

printf '\x1b]52;0;ZWNobyBoaQ0=\a'
2020-05-30 22:06:15 +02:00
Hiltjo Posthuma
e6e2c6199f tiny style fix 2020-05-30 22:05:17 +02:00
Hiltjo Posthuma
94b8ec0021 Partially add back in "support REP (repeat) escape sequence"
Add the functionality back in for xterm compatibility, but do not expose the
capability in st.info (yet).

Some notes:

It was reverted because it caused some issues with ncurses in some
configurations, namely when using BSD padding (--enable-bsdpad, BSD_TPUTS) in
ncurses it caused issues with repeating digits.

A fix has been upstreamed in ncurses since snapshot 20200523. The fix is also
backported to OpenBSD -current.
2020-05-30 22:04:28 +02:00
Hiltjo Posthuma
475a0a36cb Revert "support REP (repeat) escape sequence"
This reverts commit e8392b282c.

There is currently a bug in older ncurses versions (like on OpenBSD) where a
fix for a bug with REP is not backported yet. Most likely in tty/tty_update.c:

Noticed while using lynx (which uses ncurses/curses).
To reproduce using lynx: echo "Z0000000" | lynx -stdin

or using the program:

int
main(void)
{
	WINDOW *win;
	win = initscr();

	printw("Z0000000");

	refresh();

	sleep(5);

	return 0;
}

This prints "ZZZZZZZ" (incorrectly).
2020-05-16 21:06:13 +02:00
Avi Halachmi (:avih)
e8392b282c support REP (repeat) escape sequence
The sequence \e[Nb prints the last printed char N (more) times if it's
printable, and it's ignored after newline or other control chars.

This is Ecma-048/ANSI-X3.6 sequence and not DEC VT. It's supported by
xterm, and ncurses uses it when possible, e.g. when TERM is xterm* (and
with this commit also st*).

xterm supports only codepoints<=255, possibly due to internal limits.
We support any value/codepoint which was placed in a cell.

To test:
- tput rep 65 4 -> prints 'AAAA'
- printf "\342\225\246\033[4b" -> prints U+2566 1+4 times.
2020-05-16 14:08:10 +02:00
Jakub Leszczak
045a0fab4f Fix selection: selscroll 2020-05-12 15:38:17 +02:00
Jakub Leszczak
9c30066e73 Fix selection: ignore ATTR_WRAP when rectangular selection in getsel 2020-05-12 15:38:02 +02:00
Jakub Leszczak
8304d4f059 Fix selection: selclear in tputc 2020-05-12 15:37:59 +02:00
Hiltjo Posthuma
914fb825df code-style: add fallthrough comment
Patch by Steve Ward, thanks.
2020-05-09 14:43:31 +02:00
Hiltjo Posthuma
cde480c693 optimize column width calculation and utf-8 encode for ASCII
In particular on OpenBSD and on glibc wcwidth() is quite expensive.
On musl there is little difference.
2020-05-09 14:11:25 +02:00
Hiltjo Posthuma
8211e36d28 fix for incorrect (partial) written sequences when libc wcwidth() == -1
Fix an issue with incorrect (partial) written sequences when libc wcwidth() ==
-1. The sequence is updated to on wcwidth(u) == -1:

	c = "\357\277\275"

but len isn't.

A way to reproduce in practise:

* st -o dump.txt
* In the terminal: printf '\xcd\xb8'
- This is codepoint 888, on OpenBSD it reports wcwidth() == -1.
- Quit the terminal.
- Look in dump.txt (partial written sequence of "UTF_INVALID").

This was introduced in:

"	commit 11625c7166
	Author: czarkoff@gmail.com <czarkoff@gmail.com>
	Date:   Tue Oct 28 12:55:28 2014 +0100

	    Replace character with U+FFFD if wcwidth() is -1

	    Helpful when new Unicode codepoints are not recognized by libc."

Change:

Remove setting the sequence. If this happens to break something, another
solution could be setting len = 3 for the sequence.
2020-05-09 14:07:52 +02:00
Hiltjo Posthuma
87545c612e tiny code-style and typo-fix in comment 2020-05-09 14:05:04 +02:00
Jan Klemkow
d6ea0a1a61 replace exit(3) by _exit(2) in signal handler sigchld()
exit(3) is not async-signal-safe but, _exit(2) is.
This change prevents st to crash and dump core.
2020-04-30 01:21:21 +02:00
Ivan Tham
72e3f6c7c0 Update XIM cursor position only if changed
Updating XIM cursor position is expensive, so only update it when cursor
position changed.
2020-04-19 19:39:48 +02:00
Hiltjo Posthuma
33a9a45664 just remove the EOF message 2020-04-11 15:45:06 +02:00
Hiltjo Posthuma
e997303502 Fix small typos 2020-04-11 15:23:23 +02:00
Quentin Rameau
c1145268f6 Launch scroll program with the default shell 2020-04-11 15:23:23 +02:00
Roberto E. Vargas Caballero
fbae700a3f Fix style issue 2020-04-11 15:23:23 +02:00
Roberto E. Vargas Caballero
e52319cc7d ttyread: test for EOF while reading tty
When a read operation returns 0 then it means that we arrived to the end of the
file, and new reads will return 0 unless you do some other operation such as
lseek(). This case happens with USB-232 adapters when they are unplugged.
2020-04-11 15:23:23 +02:00
Roberto E. Vargas Caballero
21e0d6e8b8 Add support for scroll(1)
Scroll is a program that stores all the lines of its child and be used in st as
a way of implementing scrollback.

This solution is much better than implementing the scrollback in st itself
because having a different program allows to use it in any other program
without doing modifications to those programs.
2020-04-11 15:23:20 +02:00
Avi Halachmi (:avih)
2e54a21b5a OSC 52 - copy to clipboard: don't limit to 382 bytes
Strings which an application sends to the terminal in OSC, DCS, etc
are typically small (title, colors, etc) but one exception is OSC 52
which copies text to the clipboard, and is used for instance by tmux.

Previously st cropped these strings at 512 bytes, which for OSC 52
limited the copied text to 382 bytes (remaining buffer space before
base64). This made it less useful than it can be.

Now it's a dynamic growing buffer. It remains allocated after use,
resets to 512 when a new string starts, or leaked on exit.

Resetting/deallocating the buffer right after use (at strhandle) is
possible with some more code, however, it doesn't always end up used,
and to cover those cases too will require even more code, so resetting
only on new string is good enough for now.
2019-11-10 22:45:54 +01:00
Hiltjo Posthuma
289c52b7aa CSIEscape, STREscape: use size_t for buffer length 2019-11-10 22:45:54 +01:00
Avi Halachmi (:avih)
7ceb3d1f72 STREscape: don't trim prematurely
STRescape holds strings in escape sequences such as OSC and DCS, and
its buffer is 512 bytes.

If the input is too big then trailing chars are ignored, but the test
was off-by-1 such that it took 510 chars instead of 511 (before a
terminating NULL is added).

Now the full size can be utilized.
2019-11-10 22:45:54 +01:00
Avi Halachmi (:avih)
ea4d933ed9 base64dec: don't read out of bounds
Previously, base64dec checked terminating input '\0' every 4 calls to
base64dec_getc, where the latter progressed one or more chars on each
call, and could read past '\0' in the way it was used.

The input to base64dec currently comes only from OSC 52 escape seq
(copy to clipboard), and reading past '\0' or even past the buffer
boundary was easy to trigger.

Also, even if we could trust external input to be valid base64, there
are different base64 standards, and not all of them require padding
to 4 bytes blocks (using trailing '=' chars).

It didn't affect short OSC 52 strings because the buffer is initialized
to 0's, so typically it did stop within the buffer, but if the string
was trimmed to fit (the buffer is 512 bytes) then it did also read past
the end of the buffer, and the decoded suffix ended up arbitrary.

This patch makes base64dec_getc not progress past '\0', and instead
produce fake trailing padding of '='.

Additionally, at base64dec, if padding is detected at the first or
second byte of a quartet, then we identify it as invalid and abort
(a valid quartet has at least two leading non-padding bytes).
2019-11-10 22:45:54 +01:00
Avi Halachmi (:avih)
f1546cf9c1 selection: fix view to match actual selection on first cell 2019-04-14 13:50:20 +02:00