[screen-devel] [bug #43862] use-after-free, etc.
From: anonymous
Subject: [screen-devel] [bug #43862] use-after-free, etc.
Date: Sun, 21 Dec 2014 22:03:37 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0
URL:
<http://savannah.gnu.org/bugs/?43862>
Summary: use-after-free, etc.
Project: GNU Screen
Submitted by: None
Submitted on: Sun 21 Dec 2014 10:03:36 PM UTC
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: 4.2.1
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Details:
Hi,
In canvas.c on lines 772-783 (approx.),
"cv->c_slback" may be freed, but then used.
777 FreePerp(cv->c_slprev ? cv->c_slprev : cv->c_slnext);
778 FreePerp(cv->c_slback);
779 }
780 xs = cv->c_slback->c_xs;
781 xe = cv->c_slback->c_xe;
782 ys = cv->c_slback->c_ys;
783 ye = cv->c_slback->c_ye;
Which could either cause a crash, or "undefined behavior".
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?43862>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
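
An added C illustration of the ordering problem the report describes and one way to avoid it; it is not GNU Screen code and not from the reporter. Only the field names come from the report: the struct layout, free_perp(), take_bounds_and_free() and the sample values are constructed stand-ins.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed stand-in for screen's struct canvas: only fields named in the report. */
struct canvas {
    struct canvas *c_slback;        /* parent slice */
    int c_xs, c_xe, c_ys, c_ye;     /* slice bounds */
};
struct bounds { int xs, xe, ys, ye; };
/* Hypothetical stand-in for FreePerp(): releases the canvas it is given. */
static void free_perp(struct canvas *pcv) { free(pcv); }

/* Ordering described in the report (kept as a comment, never executed):
 *     free_perp(cv->c_slback);
 *     xs = cv->c_slback->c_xs;      reads memory that was just released
 */

/* Safer ordering: copy the bounds out, free, then drop the stale pointer. */
static struct bounds take_bounds_and_free(struct canvas *cv)
{
    struct bounds b = {0, 0, 0, 0};
    struct canvas *back = cv->c_slback;
    if (back == NULL)
        return b;                   /* nothing to read or free */
    b.xs = back->c_xs; b.xe = back->c_xe;
    b.ys = back->c_ys; b.ye = back->c_ye;
    free_perp(back);
    cv->c_slback = NULL;            /* a later NULL check can now catch reuse */
    return b;
}

/* Builds a constructed parent/child pair and runs the safe path. */
static struct bounds demo(int *parent_cleared)
{
    struct canvas child = {NULL, 0, 39, 0, 23};
    struct canvas *parent = calloc(1, sizeof *parent);
    if (parent != NULL) { parent->c_xe = 79; parent->c_ye = 23; }
    child.c_slback = parent;
    struct bounds b = take_bounds_and_free(&child);
    *parent_cleared = (child.c_slback == NULL);
    return b;
}

int main(void)
{
    int cleared = 0;
    struct bounds b = demo(&cleared);
    printf("xs=%d xe=%d ys=%d ye=%d cleared=%d\n", b.xs, b.xe, b.ys, b.ye, cleared);
    return 0;
}
```

Building the commented-out ordering with -fsanitize=address is a quick way to confirm this class of bug, since AddressSanitizer reports the read as heap-use-after-free.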