Description
Codex 0.125.0 panics in tui/src/wrapping.rs:52 when receiving certain bracketed-paste content over stdin via PTY.
Repro environment
- codex-cli 0.125.0 (
cw run invocation, but the panic also occurs over a plain pty injection)
- TUI mode (
codex "<initial prompt>", no exec)
- Linux x86_64
Repro steps
- Launch codex in TUI mode under any pty wrapper that can inject stdin bytes after startup (e.g.
cw run from codewire, or a Python pty.fork harness).
- After codex's TUI is initialized and ready for input, inject a bracketed-paste sequence followed by
\r:
\x1b[200~test message\x1b[201~\r
- Codex's TUI panics with:
The application panicked (crashed).
Message: byte index 18446603741554230913 is out of bounds of `<the pasted text>`
Location: tui/src/wrapping.rs:52
The byte index is consistently near u64::MAX (around 1.84e19), strongly suggesting an unsigned integer underflow in the wrapping code.
Expected
Codex should accept the pasted content as one input event and either submit it (on the trailing \r) or buffer it for the user.
Observed
Panic at startup of input handling. Backtrace is reported as <empty> even with RUST_BACKTRACE=full.
Notes
- The panic occurs even with very short ASCII-only bodies (e.g.
"test message").
- The panic is NOT triggered when the TUI is driven interactively via a real terminal emulator. It only fires when content arrives via stdin injection from a non-tty process.
- Workaround: use
codex app-server (JSON-RPC over stdio) instead of TUI for programmatic dispatch — the protocol exposes turn/steer for mid-flight input.
The location tui/src/wrapping.rs:52 is the obvious place to look — it's likely a slice operation &text[..pos] where pos was computed via subtraction that underflowed.
Description
Codex 0.125.0 panics in
tui/src/wrapping.rs:52when receiving certain bracketed-paste content over stdin via PTY.Repro environment
cw runinvocation, but the panic also occurs over a plain pty injection)codex "<initial prompt>", noexec)Repro steps
cw runfrom codewire, or a Pythonpty.forkharness).\r:The byte index is consistently near
u64::MAX(around 1.84e19), strongly suggesting an unsigned integer underflow in the wrapping code.Expected
Codex should accept the pasted content as one input event and either submit it (on the trailing
\r) or buffer it for the user.Observed
Panic at startup of input handling. Backtrace is reported as
<empty>even withRUST_BACKTRACE=full.Notes
"test message").codex app-server(JSON-RPC over stdio) instead of TUI for programmatic dispatch — the protocol exposesturn/steerfor mid-flight input.The location
tui/src/wrapping.rs:52is the obvious place to look — it's likely a slice operation&text[..pos]whereposwas computed via subtraction that underflowed.