585696 – app-misc/screen-4.3.1-r1: segmentation fault on command if argument length >=21 (e.g. screen-256color-bce-s)

Bug 585696 - app-misc/screen-4.3.1-r1: segmentation fault on command if argument length >=21 (e.g. screen-256color-bce-s)

Summary: app-misc/screen-4.3.1-r1: segmentation fault on command if argument length >=...

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal major
Assignee:	Sven Wegener

URL:
Whiteboard:
Keywords:

Depends on:	586428
Blocks:
	Show dependency tree

Reported:	2016-06-12 13:29 UTC by Andrew Savchenko
Modified:	2016-06-26 09:55 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
emerge --info (emerge.info,11.14 KB, text/plain) 2016-06-12 13:29 UTC, Andrew Savchenko	Details
screen-4.3.1-term-length.patch (screen-4.3.1-term-length.patch,393 bytes, patch) 2016-06-12 13:44 UTC, Andrew Savchenko	Details \| Diff
screen-4.3.1-termlen.patch (screen-4.3.1-termlen.patch,5.79 KB, patch) 2016-06-12 14:34 UTC, Andrew Savchenko	Details \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andrew Savchenko gentoo-dev

2016-06-12 13:29:58 UTC

Created attachment 437250 [details]
emerge --info

Hi,

screen-4.3.1-r1 segfaults if term is set to a value longer than 20 chars, e.g.:

$ cat ~/.screenrc
term screen-256color-bce-s

Here is backtrace:

# gdb /usr/bin/screen core
[...]
Core was generated by `/usr/bin/SCREEN'.
Program terminated with signal SIGABRT, Aborted.
#0  0xa76e6bd1 in __kernel_vsyscall ()
(gdb) bt
#0  0xa76e6bd1 in __kernel_vsyscall ()
#1  0xa74860c9 in raise () from /lib/libc.so.6
#2  0xa74877e4 in abort () from /lib/libc.so.6
#3  0x0804df59 in CoreDump (sigsig=11) at screen.c:1717
#4  <signal handler called>
#5  0x0806d8c3 in MakeTermcap (aflag=0) at termcap.c:947
#6  0x0807f77f in DoAction (act=act@entry=0xafe469ac, key=key@entry=-1) at process.c:2684
#7  0x08084123 in DoCommand (argv=argv@entry=0xafe469ec, argl=argl@entry=0xafe46aec) at process.c:4662
#8  0x08059615 in RcLine (ubuf=ubuf@entry=0xafe46c1c "term", ubufl=ubufl@entry=2048) at fileio.c:385
#9  0x0805a548 in FinishRc (rcfilename=0x0) at fileio.c:330
#10 0x0804c885 in main (ac=<optimized out>, av=<optimized out>) at screen.c:1440

For debugging program was build using CFLAGS="-O2 -pipe -ggdb3".

Looks like the reason comes from termcap.c:75:
char screenterm[20];        /* new $TERM, usually "screen" */

I'll test a fix and will report back later.

Comment 1 Andrew Savchenko gentoo-dev

2016-06-12 13:34:45 UTC

And this is how screen is configured:

$ eix -e screen
[...]
     Installed versions:  4.3.1-r1{tbz2}(03:44:08 PM 06/12/2016)(pam -debug -multiuser -nethack -selinux)

Comment 2 Andrew Savchenko gentoo-dev

2016-06-12 13:43:19 UTC

> Looks like the reason comes from termcap.c:75:
> char screenterm[20];        /* new $TERM, usually "screen" */

Indeed this is the cause. Patch below fixes segfault.

Comment 3 Andrew Savchenko gentoo-dev

2016-06-12 13:44:04 UTC

Created attachment 437252 [details, diff]
screen-4.3.1-term-length.patch

Comment 4 Andrew Savchenko gentoo-dev

2016-06-12 14:34:43 UTC

Created attachment 437260 [details, diff]
screen-4.3.1-termlen.patch

screenterm length is actually hardcoded in more places...

Upstream already fixed this issue in git:
http://git.savannah.gnu.org/cgit/screen.git/commit/?id=37ca949e462a7608572f653848b5a7554964fd53

However, upstream patch doesn't apply to 4.3.1, because many code changes were made. So I backported commit mentioned above to 4.3.1.

Seems to work fine here.

Comment 5 Andrew Savchenko gentoo-dev

2016-06-19 21:22:51 UTC

This issue was kindly fixed by upstream in the new screen-4.4.0 release.

Comment 6 Jeroen Roovers (RETIRED) gentoo-dev

2016-06-26 09:51:01 UTC

Fixed in 4.4.0.