URL: <http://savannah.gnu.org/bugs/?53934>
Summary: Scrollback buffer allows exceeding available memory and DoS conditions.
Project: GNU Screen
Submitted by: kyrian
Submitted on: Thu 17 May 2018 08:33:56 PM UTC
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.0.3
Fixed Release: None
Planned Release: None
Work Required: None

_______________________________________________________

Details:

PREAMBLE:

Admittedly here, for a lot of values, it will revert the scrollback buffer to '0' if you put in a stupid value, however screen's definition of "stupid value" does not seem to extend to one that includes exhausting all physical memory and sending the system into a spin.

My guess is that screen protects itself against numeric data type overflows, but not against exhausting all available system memory.

VERSION:

$ screen -v
Screen version 4.03.01 (GNU) 28-Jun-15

BEFORE:

top - 21:03:26 up 3 min, 2 users, load average: 2.31, 2.40, 1.04
Tasks: 240 total, 1 running, 238 sleeping, 0 stopped, 1 zombie
%Cpu(s): 0.9 us, 0.6 sy, 0.0 ni, 98.3 id, 0.2 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8174732 total, 5996544 free, 388212 used, 1789976 buff/cache
KiB Swap: 8122364 total, 8122364 free, 0 used. 7477156 avail Mem

 PID USER   PR NI  VIRT  RES  SHR S %CPU %MEM   TIME+ COMMAND
3364 kyrian 20  0 27192 2660 2160 S  0.0  0.0 0:00.00 screen
3363 kyrian 20  0 27052 2828 2608 S  0.0  0.0 0:00.00 screen

CAUSE PROBLEM:

[CTRL]+A :scrollback 99999999

AFTER:

top - 21:13:10 up 5 min, 2 users, load average: 1.36, 1.04, 0.50
Tasks: 189 total, 2 running, 187 sleeping, 0 stopped, 0 zombie
%Cpu(s): 26.2 us, 3.0 sy, 0.0 ni, 67.8 id, 3.0 wa, 0.0 hi, 0.0 si, 0.0 st
KiB Mem : 8174732 total, 1552664 free, 6082440 used, 539628 buff/cache
KiB Swap: 8122364 total, 8122364 free, 0 used. 1806336 avail Mem

 PID USER   PR NI    VIRT    RES  SHR S %CPU %MEM   TIME+ COMMAND
2271 kyrian 20  0 9564488 5.586g 2072 R 93.8 71.7 0:13.14 screen
...
2270 kyrian 20  0   27052   2784 2560 S  0.0  0.0 0:00.00 screen

FINAL:

I noticed this at work on another system with another version of screen, and only now got around to regaining savannah access and filing it by testing on my own system.

I've crashed my computer out far too many times trying to file this bug to get a snapshot of 'top' when closer to the mark of an actual crash, but suffice to say the kernel panic that eventually appeared on screen was about unable to page memory, and required a reboot to get things back.

It would probably be good to get this fixed quickly because of how pervasive screen is, and how easy this is to bring a system down.

_______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?53934>

_______________________________________________
  Message sent via Savannah
  https://savannah.gnu.org/
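
The distinction the report draws, between rejecting a count that overflows a numeric type and rejecting one that would exhaust memory, can be shown as a bounds check run before any allocation. This is an added example, not code from GNU Screen or from the reporter; the function name check_scrollback, the per-line cost model (cols x cell_bytes) and the 64 MiB budget are assumptions.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum sb_status { SB_OK, SB_BAD_NUMBER, SB_OVER_BUDGET };

/* Hypothetical helper, not GNU Screen code. Assumed cost model: every
 * history line stores `cols` cells of `cell_bytes` bytes each. */
enum sb_status check_scrollback(const char *arg, size_t cols,
                                size_t cell_bytes, size_t budget,
                                size_t *lines_out)
{
    char *end;
    errno = 0;
    long n = strtol(arg, &end, 10);
    /* Reject empty input, trailing junk, negatives and long overflow. */
    if (errno != 0 || end == arg || *end != '\0' || n < 0)
        return SB_BAD_NUMBER;

    /* Bytes per line, checked so the product cannot wrap size_t. */
    if (cell_bytes != 0 && cols > SIZE_MAX / cell_bytes)
        return SB_OVER_BUDGET;
    size_t per_line = cols * cell_bytes;

    /* Compare by division: lines * per_line is never computed, so a huge
     * request cannot wrap around into a small, "valid" size. */
    if (per_line != 0 && (size_t)n > budget / per_line)
        return SB_OVER_BUDGET;

    *lines_out = (size_t)n;
    return SB_OK;
}

int main(void)
{
    const size_t budget = 64u * 1024u * 1024u;  /* assumed cap: 64 MiB */
    const char *samples[] = { "10000", "99999999", "-5", "12abc" }; /* constructed */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t lines = 0;
        enum sb_status st = check_scrollback(samples[i], 80, 8, budget, &lines);
        printf("scrollback %s -> %s\n", samples[i],
               st == SB_OK ? "accepted" :
               st == SB_BAD_NUMBER ? "rejected: not a valid count" :
                                     "rejected: exceeds memory budget");
    }
    return 0;
}
```

Independently of any fix in the program, a per-process address-space limit (for example `ulimit -v` in the launching shell) keeps a single runaway allocation from taking the whole host down.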