[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[screen-devel] [bug #50197] out of bounds write when dimensions are stil
|
From: |
anonymous |
|
Subject: |
[screen-devel] [bug #50197] out of bounds write when dimensions are still 0, 0 |
|
Date: |
Wed, 1 Feb 2017 08:47:02 +0000 (UTC) |
|
User-agent: |
Mozilla/5.0 (X11; Linux i686 on x86_64; rv:45.0) Gecko/20100101 Firefox/45.0 |
Follow-up Comment #1, bug #50197 (project screen):
More investigation yielded some more insights:
- rows/cols is zero because of an earlier escape sequence (\E[?1;3;4;6l) which
is "column mode" and is supposed to initialize to either columns of 80 or 132,
see e.g. http://vt100.net/docs/vt220-rm/chapter4.html, source code snippet:
case 3: /* COLM: column mode */
i = (i ? Z0width : Z1width);
ClearScreen();
curr->w_x = 0;
curr->w_y = 0;
WChangeSize(curr, i, curr->w_height);
cols = curr->w_width;
rows = curr->w_height;
break;
- the numbers 80 and 132 are stored in the "constants" Z0width and Z1width
which are to be set by InitTermcap, source code snippet:
/* Termcap fields Z0 & Z1 contain width-changing sequences. */
if (D_CZ1 == 0)
D_CZ0 = 0;
Z0width = 132;
Z1width = 80;
- since we are starting the screen in detached mode, display is 0 and
InitTermcap is never called:
if (display)
{
if (InitTermcap(0, 0))
{
debug("Could not init termcap - exiting\n");
So in summary I think there are at least two issues:
- when started in detached mode, some initialization is missing (Z0width,
Z1width)
- WriteString should check for 0 dimensions and not call low-level functions
which would do an out of bounds array access
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?50197>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
- [screen-devel] [bug #50197] out of bounds write when dimensions are still 0, 0,
anonymous <=