starred/terminal
1
0
Fork 0
mirror of https://github.com/microsoft/terminal.git synced 2026-02-04 05:35:20 +00:00
Code Issues 19.0k Packages Projects Releases 20 Wiki Activity

Certain sequences with default parameters can trigger a crash #19767

New Issue
Closed
opened 2026-01-31 06:53:05 +00:00 by claunia · 0 comments
claunia commented 2026-01-31 06:53:05 +00:00
Owner
Copy Link

Originally created by @j4james on GitHub (Apr 25, 2023).

Windows Terminal version

1.17.1023

Windows build number

10.0.19045.2728

Other Software

No response

Steps to reproduce

  1. Open a bash shell.
  2. Execute printf "\e[\$r"

Expected Behavior

That sequence executes the DECCARA control with all default parameters. That should have the effect of resetting the attributes of everything on the screen.

Actual Behavior

The terminal hangs for a second, and then the tab closes (assumedly because the underlying conhost has crashed).

The problem arises when using the VTParameters::subspan method to access an offset beyond the end of the original span. Other than the DECCARA sequence, this can also be triggered by DECRARA and DECPS. In the latter case, the whole terminal can crash rather than just the active tab. That may just be a matter of chance though.

My suggested fix would be to change the VTParameters::subspan implementation here:

5ed3c76dcb/src/terminal/adapter/DispatchTypes.hpp (L187)

to something like this:

    const auto subValues = _values.subspan(std::min(offset, _values.size()));

That way an offset beyond the end of the source span would just produce an empty span (that's what I mistakenly assumed the subspan was already doing).

Originally created by @j4james on GitHub (Apr 25, 2023). ### Windows Terminal version 1.17.1023 ### Windows build number 10.0.19045.2728 ### Other Software _No response_ ### Steps to reproduce 1. Open a bash shell. 2. Execute `printf "\e[\$r"` ### Expected Behavior That sequence executes the `DECCARA` control with all default parameters. That should have the effect of resetting the attributes of everything on the screen. ### Actual Behavior The terminal hangs for a second, and then the tab closes (assumedly because the underlying conhost has crashed). The problem arises when using the `VTParameters::subspan` method to access an offset beyond the end of the original span. Other than the `DECCARA` sequence, this can also be triggered by `DECRARA` and `DECPS`. In the latter case, the whole terminal can crash rather than just the active tab. That may just be a matter of chance though. My suggested fix would be to change the `VTParameters::subspan` implementation here: https://github.com/microsoft/terminal/blob/5ed3c76dcbf2d1ad7dc57c599c85c85713b0294f/src/terminal/adapter/DispatchTypes.hpp#L187 to something like this: ````cpp const auto subValues = _values.subspan(std::min(offset, _values.size())); ```` That way an offset beyond the end of the source span would just produce an empty span (that's what I mistakenly assumed the `subspan` was already doing).
claunia added the Needs-TriageIssue-BugIn-PR labels 2026-01-31 06:53:05 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Reserved
A11yCO
A11yMAS
A11ySev1
A11ySev2
A11ySev3
A11yTTValidated
A11yUsable
A11yVoiceAccess
A11yWCAG
Area-Accessibility
Area-AtlasEngine
Area-AzureShell
Area-Build
Area-Build
Area-Chat
Area-CmdPal
Area-CodeHealth
Area-Commandline
Area-CookedRead
Area-DefApp
Area-Extensibility
Area-Fonts
Area-GroupPolicy
Area-i18n
Area-Input
Area-Interaction
Area-Interop
Area-Localization
Area-Output
Area-Performance
Area-Portable
Area-Quality
Area-Remoting
Area-Rendering
Area-Schema
Area-Server
Area-Settings
Area-SettingsUI
Area-ShellExtension
Area-ShellExtension
Area-ShellExtension
Area-Suggestions
Area-Suggestions
Area-TerminalConnection
Area-TerminalControl
Area-Theming
Area-UserInterface
Area-VT
Area-Windowing
Area-WPFControl
AutoMerge
Blocking-Ingestion
Culprit-Centennial
Culprit-WinUI
Disability-All
Disability-Blind
Disability-LowVision
Disability-Mobility
External-Blocked-WinUI3
Fixed
Gathering-Data
good first issue
HCL-E+D
HCL-WindowsTerminal
Help Wanted
Impact-Compatibility
Impact-Compliance
Impact-Correctness
Impact-Visual
In-PR
InclusionBacklog
InclusionBacklog-Windows TerminalWin32
InclusionCommitted-202206
Issue-Bug
Issue-Docs
Issue-Feature
Issue-Feature
Issue-Question
Issue-Samples
Issue-Scenario
Issue-Task
Needs-Attention
Needs-Author-Feedback
Needs-Bisect
Needs-Discussion
Needs-Repro
Needs-Tag-Fix
Needs-Tag-Fix
Needs-Triage
No-Recent-Activity
Priority-0
Priority-1
Priority-2
Priority-3
Product-Cmd.exe
Product-Colortool
Product-Colortool
Product-Colortool
Product-Conhost
Product-Conpty
Product-Meta
Product-Powershell
Product-Terminal
Product-WSL
pull-request
Mirrored from GitHub Pull Request
 Resolution-Answered
Resolution-By-Design
Resolution-Duplicate
Resolution-External
Resolution-Fix-Available
Resolution-Fix-Committed
Resolution-No-Repro
Resolution-Won't-Fix
Severity-Blocking
Severity-Crash
Severity-DataLoss
spam
this-will-be-a-breaking-change
Tracking-External
WindowsTerminal_Win32
Work-Item
zAskModeBug
zInbox-Bug
No Label In-PR Issue-Bug Needs-Triage
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
claunia
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/terminal#19767
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?