Re: Bug#982435: screen: CVE-2021-26937
On Wed, Feb 10, 2021 at 05:51:50PM +0100, Axel Beckert wrote:
>
> It though doesn't crash an unpatched screen.
>
Hey Axel, I tried to reply to your screen-devel post, but it's taking a
while to subscribe!
Here is the message I sent:
On 2021-02-10, Axel Beckert wrote:
> + else if (i < sizeof combchars / sizeof *combchars) {
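Review bot: the bound `sizeof combchars / sizeof *combchars` in this condition only yields an element count when combchars is a true array. If it is a pointer to calloc'd storage, as the reply below indicates and the `if (!combchars)` test in the later hunk suggests, the expression divides one pointer size by another and evaluates to 1, so the check would not reflect the allocated length. Compare i against the same count that is passed to calloc, ideally through one shared named constant.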
This doesn't seem right, I think it should be compared against the
calloc param at the top of utf8_handle_comb(), but I don't really
understand enough about Unicode to know where that 0x802 comes from!
I think for sure this code doesn't handle c > 0x801, so maybe that's an
acceptable fix?
i.e.
--- encoding.c>-2020-02-05 12:09:38.000000000 -0800
+++ encoding.c>-2021-02-10 15:00:05.000000000 -0800
@@ -1357,6 +1357,9 @@
int root, i, c1;
int isdouble;
+ if (c > 0x801)
+ return;
+
c1 = mc->image | (mc->font << 8) | mc->fontx << 16;
isdouble = c1 >= 0x1100 && utf8_isdouble(c1);
if (!combchars)
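Review bot: the literal 0x801 in the added `if (c > 0x801)` guard has no visible link to the allocation size it is meant to track (the 0x802 calloc parameter mentioned in the message), so the two can drift apart if either is changed. Define one named constant, use it for both the allocation and this check, and add a comment saying which array access the guard protects and that combining characters above the limit are silently dropped. The hunk also only sets an upper bound: if c is a signed type, say whether negative values can reach this point or reject them here as well.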
Tavis.
--
_o) $ lynx lock.cmpxchg8b.com
/\\ _o) _o) $ finger taviso@sdf.org
_\_V _( ) _( ) @taviso