From b7add202159e48c9f97a2ae98a3f375ffaace148 Mon Sep 17 00:00:00 2001
From: Bakkeby
Date: Thu, 7 Mar 2024 21:44:39 +0100
Subject: [PATCH] Set upper limit for REP escape sequence argument Previously, printf 'L\033[2147483647b' would call tputc('L') 2^31 times, making st unresponsive. This commit allows repeating the last character at most 65535 times in order to prevent freezing and DoS attacks. ref. https://git.suckless.org/st/commit/95f22c53059ccd60ee701ccf2659dacd95e4e89a.html
---
 st.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/st.c b/st.c
index b7bddf3..d6fad11 100644
--- a/st.c
+++ b/st.c
@@ -2254,7 +2254,7 @@ csihandle(void)
 ttywrite(vtiden, strlen(vtiden), 0);
 break;
 case 'b': /* REP -- if last char is printable print it more times */
- DEFAULT(csiescseq.arg[0], 1);
+ LIMIT(csiescseq.arg[0], 1, 65535);
 if (term.lastc)
 while (csiescseq.arg[0]-- > 0)
 tputc(term.lastc);
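Review bot: The ceiling of 65535 in the `case 'b'` branch is a bare literal with no comment, so a later reader cannot tell whether it is a protocol limit or an arbitrary safety bound; I would annotate it in place, e.g. `LIMIT(csiescseq.arg[0], 1, 65535); /* cap REP count so one sequence cannot stall the terminal */`, or give the value a name. The bound applies per sequence, so output that contains many REP sequences still costs up to 65535 tputc() calls for each few bytes of input; the amplification is reduced, not removed. If that residual cost matters, a limit derived from the terminal dimensions may fit better, though its effect on scrolled-off output cannot be judged from this hunk. Both the `case 'b'` body and csihandle() extend outside the hunk.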