From: Matthew Martin
Subject: XTerm segfault
To: tech@openbsd.org, dickey@invisible-island.net
Date: Sun, 11 Aug 2024 17:20:42 -0500

On OpenBSD-current with XTerm patch 393, running printf '\e[3m\xe2\x80\x99' causes xterm to segfault. The cause seems to be in xtermFullString16 in util.c with the expansion of XTermFontsRef; namely xf - fn is out of range of TScreen.fnts.

The below patch appears to fix the issue.

diff --git a/util.c b/util.c index 06de3e64f..de73d112c 100644 --- a/util.c +++ b/util.c @@ -3901,7 +3901,7 @@ xtermFullString16(XTermDraw * params, unsigned flags, GC gc, (ch > NARROW_ICHAR) || #endif xtermMissingChar(ch, - (((xf >= fn) && (xf - fn) <= fMAX) + (((xf >= fn) && (xf - fn) < fMAX) ? XTermFontsRef(screen->fnts, (VTFontEnum) (xf - fn)) : fp))) {
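
Review bot: In the ternary passed to xtermMissingChar, the new bound `(xf - fn) < fMAX` is only correct if fMAX is the number of entries in screen->fnts rather than the last valid VTFontEnum value. The hunk does not show that definition, so a short comment stating it, or a check against the array's declared size, would make the off-by-one fix verifiable. The same `xf - fn` index with a `<=` comparison may be used elsewhere in util.c and is worth checking before this lands. Because an out-of-range xf now silently falls back to fp, the commit message should also record why xf ends up outside screen->fnts for the italic wide-character input in the report.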