Index: st.c
--- st.c.orig
+++ st.c
@@ -35,6 +35,7 @@
 #define ESC_ARG_SIZ   16
 #define STR_BUF_SIZ   ESC_BUF_SIZ
 #define STR_ARG_SIZ   ESC_ARG_SIZ
+#define STR_BUF_MAX   (256*1024)
 #define HISTSIZE      2000
 #define RESIZEBUFFER  1000
 
@@ -2025,7 +2026,8 @@ csihandle(void)
 		case 6: /* Report Cursor Position (CPR) "<row>;<column>R" */
 			n = snprintf(buf, sizeof(buf), "\033[%i;%iR",
 			               term.c.y+1, term.c.x+1);
-			ttywrite(buf, n, 0);
+			if (n > 0)
+				ttywrite(buf, n, 0);
 			break;
 		default:
 			goto unknown;
@@ -2645,8 +2647,11 @@ tputc(Rune u)
 			 * term.esc = 0;
 			 * strhandle();
 			 */
-			if (strescseq.siz > (SIZE_MAX - UTF_SIZ) / 2)
+			if (strescseq.siz > (SIZE_MAX - UTF_SIZ) / 2 ||
+			    strescseq.siz >= STR_BUF_MAX) {
+				strreset();
 				return;
+			}
 			strescseq.siz *= 2;
 			strescseq.buf = xrealloc(strescseq.buf, strescseq.siz);
 		}