Bug#779397: xterm: buffer overflow with -S option

To: Julien Cristau <jcristau@debian.org>
Cc: 779397@bugs.debian.org
Subject: Bug#779397: xterm: buffer overflow with -S option
From: Vincent Lefevre <vincent@vinc17.net>
Date: Mon, 2 Mar 2015 02:38:33 +0100
Message-id: <[🔎] 20150302013833.GC24079@xvii.vinc17.org>
Reply-to: Vincent Lefevre <vincent@vinc17.net>, 779397@bugs.debian.org
In-reply-to: <[🔎] 20150301220813.GN1940@betterave.cristau.org>
References: <20150228023752.GA23731@xvii.vinc17.org> <[🔎] 20150301220813.GN1940@betterave.cristau.org>

On 2015-03-01 23:08:13 +0100, Julien Cristau wrote:
> I don't think bad handling of a command line option qualifies, there's
> no trust boundary to breach there afaict?

I don't understand. Command line options could come from an external
source, after some filtering on the acceptable values (regarded as
safe).

Moreover it happens that here the buffer overflow was detected
immediately, but problems may be more important if xterm continued
with corrupted memory and uncontrolled effects.

-- 
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Reply to:

Follow-Ups:
- Bug#779397: xterm: buffer overflow with -S option
  - From: Sven Joachim <svenjoac@gmx.de>

References:
- Bug#779397: xterm: buffer overflow with -S option
  - From: Julien Cristau <jcristau@debian.org>

Prev by Date: Bug#779529: xserver-xorg-video-intel: Built-in display completely black if external monitor is plugged in
Next by Date: Processed: your mail
Previous by thread: Bug#779397: xterm: buffer overflow with -S option
Next by thread: Bug#779397: xterm: buffer overflow with -S option
Index(es):
- Date
- Thread