Feeding the following character sequence into ./test causes an out-of-bounds write in line 60 of vtparse.c:

echo -en "\e["`printf '99;%.0s' {0..15}`m | ./test

Relevant code snippet:

            /* process the param character */
            if(ch == ';')
            {
                parser->num_params += 1;
                parser->params[parser->num_params-1] = 0; /* <- bad */
            }

Fortunately, at the moment, this is not a severe issue, since the next member after params in struct vtparser is num_params, which is reset to zero in the above code. However, if params was at the end of the vtparser structure, this would allow to override whatever comes next in memory. Still, even with the way it is right now, writing outside the bounds of a fixed-size array is undefined behaviour and should be fixed.

I suggest an explicit check before incrementing num_params and going to an error state if parser->num_params is greater than the size of the params array.