URL: <http://savannah.gnu.org/bugs/?43862>
Summary: use-after-free, etc.
Project: GNU Screen
Submitted by: None
Submitted on: Sun 21 Dec 2014 10:03:36 PM UTC
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.2.1
Fixed Release: None
Planned Release: None
Work Required: None

_______________________________________________________

Details:

Hi,

In canvas.c on lines 772-783 (approx.) "cv->c_slback" may be freed, but then used.

777         FreePerp(cv->c_slprev ? cv->c_slprev : cv->c_slnext);
778         FreePerp(cv->c_slback);
779     }
780     xs = cv->c_slback->c_xs;
781     xe = cv->c_slback->c_xe;
782     ys = cv->c_slback->c_ys;
783     ye = cv->c_slback->c_ye;

Which could either cause a crash, or "undefined behavior".