[screen-devel] [bug #57937] Heap Buffer overflow in MWrapChar

Fri, 04 Feb 2022 07:24:35 -0800 

Follow-up Comment #2, bug #57937 (project screen):

I am no longer able to reproduce that bug, because apparently when I try I'm
hitting a different bug that crashes screen with asan:

==10017==ERROR: AddressSanitizer: heap-buffer-overflow on address
0x6160013ceec4 at pc 0x7fd1e224ea47 bp 0x7ffc8ca84430 sp 0x7ffc8ca83bd8
READ of size 584 at 0x6160013ceec4 thread T0
    #0 0x7fd1e224ea46 in __interceptor_memmove
(/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/libasan.so.6+0x39a46)
    #1 0x55fbfe37946f in MScrollV (/tmp/s/screen/src/screen+0x5446f)
    #2 0x55fbfe371661 in LineFeed (/tmp/s/screen/src/screen+0x4c661)
    #3 0x55fbfe36a661 in Special (/tmp/s/screen/src/screen+0x45661)
    #4 0x55fbfe366e9c in WriteString (/tmp/s/screen/src/screen+0x41e9c)
    #5 0x55fbfe470feb in win_readev_fn (/tmp/s/screen/src/screen+0x14bfeb)
    #6 0x55fbfe443343 in sched (/tmp/s/screen/src/screen+0x11e343)
    #7 0x55fbfe3579d0 in main (/tmp/s/screen/src/screen+0x329d0)
    #8 0x7fd1e1ffb2f9 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58
    #9 0x7fd1e1ffb3a7 in __libc_start_main_impl ../csu/libc-start.c:409
    #10 0x55fbfe352b60 in _start (/tmp/s/screen/src/screen+0x2db60)

0x6160013ceec4 is located 0 bytes to the right of 580-byte region
[0x6160013cec80,0x6160013ceec4)
allocated by thread T0 here:
    #0 0x7fd1e22c7bc8 in __interceptor_realloc
(/usr/lib/gcc/x86_64-pc-linux-gnu/11.2.1/libasan.so.6+0xb2bc8)
    #1 0x55fbfe43e480 in xrealloc (/tmp/s/screen/src/screen+0x119480)
    #2 0x55fbfe43d2ec in CheckMaxSize (/tmp/s/screen/src/screen+0x1182ec)
    #3 0x55fbfe43a215 in ChangeScreenSize (/tmp/s/screen/src/screen+0x115215)
    #4 0x55fbfe439a70 in CheckScreenSize (/tmp/s/screen/src/screen+0x114a70)
    #5 0x55fbfe44da18 in ReceiveMsg (/tmp/s/screen/src/screen+0x128a18)
    #6 0x55fbfe35b8bf in serv_read_fn (/tmp/s/screen/src/screen+0x368bf)
    #7 0x55fbfe443343 in sched (/tmp/s/screen/src/screen+0x11e343)
    #8 0x55fbfe3579d0 in main (/tmp/s/screen/src/screen+0x329d0)
    #9 0x7fd1e1ffb2f9 in __libc_start_call_main
../sysdeps/nptl/libc_start_call_main.h:58


    _______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?57937>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/

Reply via email to