fix(input): sanitize incoming text, balance the draw stack (A2, A3)#39
Closed
Vadim1987 wants to merge 1 commit into
Closed
fix(input): sanitize incoming text, balance the draw stack (A2, A3)#39Vadim1987 wants to merge 1 commit into
Vadim1987 wants to merge 1 commit into
Conversation
Owner
|
These are two completely orthogonal fixes, please split out the stack balance fix to it's own. |
Author
This was referenced Jul 8, 2026
Owner
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Invalid UTF-8 reaching the input model makes
string.ulenreturn nil, and the model does unguarded arithmetic on that in several places: a multi-line paste crashes at userInputModel.lua:120,set_textwith a string at :475, and with a table at :730 (ulen(...) + 1in each case). A single-line paste is worse in a way — it doesn't crash, it silently plants the invalid bytes intoentered, after which the render loop hits itsulencheck every frame and bails out early betweenpush('all')andpop, leaking one graphics stack level per frame.Two changes:
add_text, both branches ofset_text): drop bytes that don't form valid UTF-8, usingutf8.len's error position to cut them out. Invalid bytes can arrive through the clipboard (pastein userInputController) or through the project-facing input API. Sanitizing at the boundary keeps the invariant "entered never holds invalid bytes", which covers everyulenarithmetic site in the model at once — there are more of them than the three that crash today.One call worth surfacing: invalid bytes are dropped, not replaced with U+FFFD. A visible replacement character would land inside source code and produce a compile error that's hard to explain to a child, and rejecting the whole paste over one bad byte felt harsher than losing it. If visible markers are preferred, it's a one-line change in the sanitizer.