Bug#1110769: xterm: segfault in ScrnWriteText on 3-byte binary data
On 2025-08-10 19:55:33 -0400, Thomas Dickey wrote:
> On Sun, Aug 10, 2025 at 07:37:18PM -0400, Thomas Dickey wrote:
> > On Mon, Aug 11, 2025 at 01:09:26AM +0200, Vincent Lefevre wrote:
> > > Package: xterm
> > > Version: 398-1
> > > Severity: important
> > > Tags: security upstream
> > > X-Debbugs-Cc: Debian Security Team <team@security.debian.org>
> > >
> > > I've just noticed that it is very easy to make xterm crash with
> > > some binary data:
> > >
> > > /usr/bin/xterm -e 'printf "\x9a\x85\x08"; sleep 2'
> >
> > It's not so easy (I don't see it breaking for me, and I don't see
> > an issue using asan2 or valgrind, in a recompile).

See my other messages about the needed settings.

> ...that was with Debian/testing and 13. Actually current xterm is #401.

I was actually using xterm #401 for the initial crash, but I had to
go back to #398 for the backtrace with the symbols (#401 is just in
experimental, where xterm-dbgsym is not available).

I've just upgraded to #401 again. Now

/usr/bin/xterm -e 'printf "\x9a\x85\x08"; sleep 2'

no longer crashes (ditto with -k8 and +k8). But

/usr/bin/xterm -e 'printf "\eZ\n\x08"; sleep 2'

still crashes.

--
Vincent Lefèvre <vincent@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)