URL: <https://savannah.gnu.org/bugs/?66147>
Summary: screen crashes in attacher.c:465 when compiled with FORTIFY_SOURCE=3

Group: GNU Screen
Submitter: None
Submitted: Fri 30 Aug 2024 10:00:55 AM UTC
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 5.0.0
Fixed Release: None
Planned Release: None
Work Required: None

_______________________________________________________

Follow-up Comments:

-------------------------------------------------------
Date: Fri 30 Aug 2024 10:00:55 AM UTC By: Anonymous

Hello,

we have been recently made aware of a bug in screen which makes it crash when being compiled with FORTIFY_SOURCE=3. This usually indicates a bug in the source code.

It can be triggered like so:

    $ screen -v
    Screen version 5.0.0 (build on 2024-08-29 01:08:49)
    $ screen -dmS test
    $ screen -S test -X stuff "ls"
    *** buffer overflow detected ***: terminated
    Aborted (core dumped)

When examined with gdb this gives the following backtrace:

    (gdb) bt
    #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
    #1  0x00007f4858e5b463 in __pthread_kill_internal (threadid=<optimized out>, signo=6) at pthread_kill.c:78
    #2  0x00007f4858e02120 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
    #3  0x00007f4858de94c3 in __GI_abort () at abort.c:79
    #4  0x00007f4858dea354 in __libc_message_impl (fmt=fmt@entry=0x7f4858f7816c "*** %s ***: terminated\n") at ../sysdeps/posix/libc_fatal.c:132
    #5  0x00007f4858eea799 in __GI___fortify_fail (msg=msg@entry=0x7f4858f78153 "buffer overflow detected") at fortify_fail.c:24
    #6  0x00007f4858eea124 in __GI___chk_fail () at chk_fail.c:28
    #7  0x00007f4858eebd39 in __GI___strncpy_chk (s1=s1@entry=0x7ffed1859156 "", s2=s2@entry=0x7ffed185c111 "ls", n=n@entry=4096, s1len=<optimized out>) at strncpy_chk.c:26
    #8  0x000055fea93f5190 in strncpy (__dest=<optimized out>, __src=<optimized out>, __len=<optimized out>,
        __dest=<optimized out>, __src=<optimized out>, __len=<optimized out>) at /usr/include/bits/string_fortified.h:100
    #9  SendCmdMessage (sty=<optimized out>, match=<optimized out>, av=0x7ffed185b300, query=...) at /usr/src/debug/screen/screen-5.0.0/attacher.c:465
    #10 main (argc=<optimized out>, argv=0x7ffed185b2f8) at /usr/src/debug/screen/screen-5.0.0/screen.c:905

Indicating that https://git.savannah.gnu.org/cgit/screen.git/tree/src/attacher.c#n465 causes the crash.

This issue was first reported on the Arch Linux Bugtracker by Albert Chaharbakhshi:
https://gitlab.archlinux.org/archlinux/packaging/packages/screen/-/issues/2#note_206734

_______________________________________________________

Reply to this item at:

  <https://savannah.gnu.org/bugs/?66147>

_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
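Added example, not code from GNU Screen or from the report: frame #7 shows strncpy called with n=4096 for the 2-byte source "ls", and because strncpy always writes n bytes (NUL padding), the fortified check compares n, not the source length, with the space left at the destination. The sketch below shows that check and a copy loop bounded by the remaining space; the buffer size, the names `fortify_rejects` and `pack_args`, and the sample arguments are constructed assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define CMD_BUF 64    /* constructed size; the real buffer size is not in the report */
#define FIXED_N 4096  /* the n passed to strncpy in frame #7 */

/* The test __strncpy_chk applies before copying. strncpy() always writes
 * exactly n bytes (it pads a short source with NULs), so n itself must fit
 * in the space left at dest, however short the source string is. */
static int fortify_rejects(size_t dest_left, size_t n)
{
    return n > dest_left;
}

/* Hypothetical helper: pack NULL-terminated argv strings back to back
 * (each keeping its NUL) into buf. Returns the number of strings packed and
 * stores the bytes used in *used, or returns -1 if a string does not fit. */
static int pack_args(char *buf, size_t buflen, char *const *av, size_t *used)
{
    char *p = buf;
    int count = 0;

    for (; *av != NULL; ++av, ++count) {
        size_t left = buflen - (size_t)(p - buf); /* space left at p */
        size_t len = strlen(*av) + 1;             /* string plus its NUL */

        if (len > left)
            return -1;          /* refuse instead of truncating silently */
        memcpy(p, *av, len);    /* writes len bytes, never a fixed 4096 */
        p += len;
    }
    *used = (size_t)(p - buf);
    return count;
}

int main(void)
{
    char buf[CMD_BUF];
    char *av[] = { "stuff", "ls", NULL };  /* constructed sample arguments */
    size_t used = 0;
    int n = pack_args(buf, sizeof buf, av, &used);

    printf("packed %d args in %zu bytes; fixed n=%d rejected: %d\n",
           n, used, FIXED_N, fortify_rejects(sizeof buf, FIXED_N));
    return n == 2 ? 0 : 1;
}
```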