diff.g was used twice instead of diff.g + diff.b, causing the
same-color detection to miss blue-only differences. This meant
the HSLuv contrast override could skip adjustment for color pairs
differing primarily in blue.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Refactored so text_width_for_single_line is called inside draw_window_title
after CSI stripping, avoiding stripping the same text twice. The standalone
text_width_for_single_line wrapper is removed; draw_window_title now accepts
a size_t *actual_width output parameter that, when non-NULL, triggers text
width calculation and width reduction.

Agent-Logs-Url: https://github.com/kovidgoyal/kitty/sessions/a70cccb9-332a-4f7b-81f8-8cbeb7ed2c26
Co-authored-by: kovidgoyal <1308621+kovidgoyal@users.noreply.github.com>

- Add freetype_text_width_for_single_line() in freetype_render_ui_text.c
- Add cocoa_text_width_for_single_line() in core_text.m
- Add text_width_for_single_line() wrapper in glfw.c for both platforms
- Modify draw_single_line_of_text() to accept optional max_width parameter
- Return (pixels, width) tuple instead of just pixels
- Update all Python call sites in tabs.py and window.py

Agent-Logs-Url: https://github.com/kovidgoyal/kitty/sessions/508483db-ffcd-4d43-a8ee-83fcd3ec9c01
Co-authored-by: kovidgoyal <1308621+kovidgoyal@users.noreply.github.com>

Timing-safe comparisons:
- crypto.c: Replace memcmp with CRYPTO_memcmp for Secret equality,
  require equal lengths before comparing
- remote_control.py: Constant-time password lookup to avoid leaking
  valid passwords via dict hash timing
- file_transmission.py: Use hmac.compare_digest for bypass token
  comparison instead of ==

Memory safety:
- child-monitor.c: Fix inverted condition in write_to_peer that
  prevented memmove from ever executing on partial writes
- ibus_glfw.c: Null-terminate IBUS_ADDRESS copy to prevent string
  overread when strlen >= PATH_MAX
- x11_window.c: Add NULL checks after realloc in clipboard/DnD
  data handling (two sites)
- dnd.c: Cap accepted_mimes at 1MB to prevent unbounded growth,
  fix realloc to not lose the original pointer on failure
- png-reader.c: Cast to size_t before multiplication to prevent
  integer overflow on 32-bit platforms

Secrets hygiene:
- disk-cache.c: Zero encryption_key with explicit_bzero before free

Tar extraction hardening:
- tar.go: Validate hardlink targets against destination prefix to
  prevent writing outside extraction directory
- tar.go: Strip setuid/setgid/sticky bits from extracted files

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
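
The two checks listed under "Tar extraction hardening" (hardlink targets confined to the destination prefix, setuid/setgid/sticky bits stripped), sketched as an added Go example. This is not kitty's tar.go: safeJoin, checkHeader, constructedHeaders and the /tmp/out destination are names assumed here for illustration, and the headers are constructed sample data.

```go
package main

import (
	"archive/tar"
	"fmt"
	"io/fs"
	"path/filepath"
	"strings"
)

// Added example, not kitty's tar.go; all function names are hypothetical.
// safeJoin joins name under dest; the separator check stops "/tmp/outside" passing for "/tmp/out".
func safeJoin(dest, name string) (string, error) {
	dest = filepath.Clean(dest)
	p := filepath.Join(dest, name)
	if p != dest && !strings.HasPrefix(p, dest+string(filepath.Separator)) {
		return "", fmt.Errorf("%q escapes %q", name, dest)
	}
	return p, nil
}

// checkHeader vets an entry path and any hardlink target, and clears setuid/setgid/sticky.
func checkHeader(dest string, hdr *tar.Header) (path, link string, mode fs.FileMode, err error) {
	if path, err = safeJoin(dest, hdr.Name); err != nil {
		return
	}
	if hdr.Typeflag == tar.TypeLink {
		if link, err = safeJoin(dest, hdr.Linkname); err != nil {
			return
		}
	}
	mode = hdr.FileInfo().Mode() &^ (fs.ModeSetuid | fs.ModeSetgid | fs.ModeSticky)
	return
}

// constructedHeaders returns sample entries made up for this example.
func constructedHeaders() []*tar.Header {
	return []*tar.Header{
		{Name: "bin/tool", Typeflag: tar.TypeReg, Mode: 0o4755},
		{Name: "bin/alias", Typeflag: tar.TypeLink, Linkname: "bin/tool", Mode: 0o755},
		{Name: "bin/leak", Typeflag: tar.TypeLink, Linkname: "../outside/secret", Mode: 0o644},
	}
}

func main() {
	for _, h := range constructedHeaders() {
		fmt.Println(checkHeader("/tmp/out", h))
	}
}
```

The check is lexical only: it does not resolve symlinks that already exist inside the destination directory.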