From 37863356b00cd41c24e10243121649473b98824f Mon Sep 17 00:00:00 2001
From: Christoph Lohmann <20h@r-36.net>
Date: Mon, 25 Feb 2013 13:23:56 +0100
Subject: [PATCH] Using strtol with overflow checking.

---
 st.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

diff --git a/st.c b/st.c
index afa6813..23c4caf 100644
--- a/st.c
+++ b/st.c
@@ -1296,17 +1296,22 @@ tnewline(int first_col) {
 void
 csiparse(void) {
 	/* int noarg = 1; */
-	char *p = csiescseq.buf;
+	char *p = csiescseq.buf, *np;
+	long int v;
 
 	csiescseq.narg = 0;
 	if(*p == '?')
 		csiescseq.priv = 1, p++;
 
 	while(p < csiescseq.buf+csiescseq.len) {
-		while(isdigit(*p)) {
-			csiescseq.arg[csiescseq.narg] *= 10;
-			csiescseq.arg[csiescseq.narg] += *p++ - '0'/*, noarg = 0 */;
-		}
+		np = NULL;
+		v = strtol(p, &np, 10);
+		if(v == LONG_MAX || v == LONG_MIN)
+			v = -1;
+		csiescseq.arg[csiescseq.narg] = v;
+		if(np != NULL)
+			p = np;
+
 		if(*p == ';' && csiescseq.narg+1 < ESC_ARG_SIZ) {
 			csiescseq.narg++, p++;
 		} else {
@@ -2116,7 +2121,8 @@ tputc(char *c, int len) {
 			if(BETWEEN(ascii, 0x40, 0x7E)
 					|| csiescseq.len >= ESC_BUF_SIZ) {
 				term.esc = 0;
-				csiparse(), csihandle();
+				csiparse();
+				csihandle();
 			}
 		} else if(term.esc & ESC_STR_END) {
 			term.esc = 0;