URL:
  <https://savannah.gnu.org/bugs/?66147>

                 Summary: screen crashes in attacher.c:465 when compiled with FORTIFY_SOURCE=3
                   Group: GNU Screen
               Submitter: None
               Submitted: Fri 30 Aug 2024 10:00:55 AM UTC
                Category: Crash/Freeze/Infloop
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 5.0.0
           Fixed Release: None
         Planned Release: None
           Work Required: None


    _______________________________________________________

Follow-up Comments:


-------------------------------------------------------
Date: Fri 30 Aug 2024 10:00:55 AM UTC By: Anonymous
Hello,

We have recently been made aware of a bug in screen which makes it crash
when compiled with FORTIFY_SOURCE=3. This usually indicates a bug in the
source code.

It can be triggered like so:

    $ screen -v
    Screen version 5.0.0 (build on 2024-08-29 01:08:49)
    $ screen -dmS test
    $ screen -S test -X stuff "ls"
    *** buffer overflow detected ***: terminated
    Aborted (core dumped)

When examined with gdb this gives the following backtrace:

    (gdb) bt
    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
    #1  0x00007f4858e5b463 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
    #2  0x00007f4858e02120 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
    #3  0x00007f4858de94c3 in __GI_abort () at abort.c:79
    #4  0x00007f4858dea354 in __libc_message_impl (fmt=fmt@entry=0x7f4858f7816c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
    #5  0x00007f4858eea799 in __GI___fortify_fail (msg=msg@entry=0x7f4858f78153 "buffer overflow detected") at fortify_fail.c:24
    #6  0x00007f4858eea124 in __GI___chk_fail () at chk_fail.c:28
    #7  0x00007f4858eebd39 in __GI___strncpy_chk (s1=s1@entry=0x7ffed1859156 "", s2=s2@entry=0x7ffed185c111 "ls", n=n@entry=4096, s1len=<optimized out>) at strncpy_chk.c:26
    #8  0x000055fea93f5190 in strncpy (__dest=<optimized out>, __src=<optimized out>, __len=<optimized out>, __dest=<optimized out>, __src=<optimized out>, __len=<optimized out>) at /usr/include/bits/string_fortified.h:100
    #9  SendCmdMessage (sty=<optimized out>, match=<optimized out>, av=0x7ffed185b300, query=...) at /usr/src/debug/screen/screen-5.0.0/attacher.c:465
    #10 main (argc=<optimized out>, argv=0x7ffed185b2f8) at /usr/src/debug/screen/screen-5.0.0/screen.c:905

This indicates that
https://git.savannah.gnu.org/cgit/screen.git/tree/src/attacher.c#n465 causes
the crash.

This issue was first reported on the Arch Linux bug tracker by Albert
Chaharbakhshi:
https://gitlab.archlinux.org/archlinux/packaging/packages/screen/-/issues/2#note_206734
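
Frame #7 shows `__strncpy_chk` called with `n=4096` for the two-byte source "ls". The added example below (not screen's code and not part of the report) models why such a call aborts and shows a bounded alternative. The `struct msg` layout, `CMD_SIZE` and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMD_SIZE 4096   /* constructed; same value as n=4096 in frame #7 */

/* Hypothetical message: argument strings packed back to back in cmd[]. */
struct msg { int nargs; char cmd[CMD_SIZE]; };

/* The test glibc's __strncpy_chk applies: abort if n exceeds the known
 * destination size. Source length is irrelevant: strncpy pads to n bytes. */
static int chk_fails(size_t dst_size, size_t n) { return dst_size < n; }

/* Failing pattern, modelled without writing anything: each argument is
 * copied with n = CMD_SIZE although the write position has advanced.
 * Returns the index of the first argument whose copy would abort, or -1. */
int first_aborting_arg(char *const av[]) {
    size_t off = 0;
    for (int i = 0; av[i]; i++) {
        if (chk_fails(CMD_SIZE - off, CMD_SIZE))
            return i;
        off += strlen(av[i]) + 1;
    }
    return -1;
}

/* Bounded form: copy exactly len bytes, only if they fit in what is left.
 * Returns bytes used, or -1 if the arguments do not fit. */
long pack_args(struct msg *m, char *const av[]) {
    size_t off = 0;
    m->nargs = 0;
    for (; *av; av++) {
        size_t len = strlen(*av) + 1;        /* include the terminator */
        if (len > sizeof m->cmd - off)
            return -1;
        memcpy(m->cmd + off, *av, len);
        off += len;
        m->nargs++;
    }
    return (long)off;
}

int main(void) {
    char *const av[] = { "stuff", "ls", NULL };   /* constructed input */
    struct msg m;
    printf("first aborting arg: %d\n", first_aborting_arg(av));
    printf("bytes packed safely: %ld\n", pack_args(&m, av));
    return 0;
}
```

In this model the first copy passes because the remaining space equals `n`, and the second fails because the write position has moved past the start of the buffer while `n` stayed at the full size.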






