Bug#779397: xterm: buffer overflow with -S option

To: Vincent Lefevre <vincent@vinc17.net>
Cc: Julien Cristau <jcristau@debian.org>, 779397@bugs.debian.org
Subject: Bug#779397: xterm: buffer overflow with -S option
From: Sven Joachim <svenjoac@gmx.de>
Date: Mon, 02 Mar 2015 17:52:35 +0100
Message-id: <[🔎] 87egp72vfw.fsf@turtle.gmx.de>
Reply-to: Sven Joachim <svenjoac@gmx.de>, 779397@bugs.debian.org
In-reply-to: <[🔎] 20150302013833.GC24079@xvii.vinc17.org> (Vincent Lefevre's message of "Mon, 2 Mar 2015 02:38:33 +0100")
References: <20150228023752.GA23731@xvii.vinc17.org> <[🔎] 20150301220813.GN1940@betterave.cristau.org> <[🔎] 20150302013833.GC24079@xvii.vinc17.org>

On 2015-03-02 02:38 +0100, Vincent Lefevre wrote:

> Moreover it happens that here the buffer overflow was detected
> immediately,

Which has apparently been the case for over three years, since I can
reproduce the problem with wheezy's xterm.  This probably means that
very few people use this obscure option.

> but problems may be more important if xterm continued
> with corrupted memory and uncontrolled effects.

Might happen if xterm is built without -D_FORTIFY_SOURCE=2.  The squeeze
version does not crash immediately, haven't looked if there were any
code changes in that area between squeeze and wheezy.

Cheers,
       Sven

Reply to:

References:
- Bug#779397: xterm: buffer overflow with -S option
  - From: Julien Cristau <jcristau@debian.org>
- Bug#779397: xterm: buffer overflow with -S option
  - From: Vincent Lefevre <vincent@vinc17.net>

Prev by Date: Bug#529178:
Next by Date: Bug#779529: xserver-xorg-video-intel: Built-in display completely black if external monitor is plugged in
Previous by thread: Bug#779397: xterm: buffer overflow with -S option
Next by thread: Processed: your mail
Index(es):
- Date
- Thread