Thanks Alex for taking time on this. I'm changing bug to security public
so we can get more attention even it's already fix in upstream, given
the difficulties to get the exact commit/patch to fix it.

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to xterm in Ubuntu.

  ESC ] 6;12;? ESC \ freezes xterm with 100% CPU usage

Status in xterm package in Ubuntu:

Bug description:
  Running the following command:

  printf "\x1b]6;12;?\x1b\\"

  while inside an xterm window causes xterm to stop responding to user
  input, produce no output, and consume 100% CPU usage (i.e. it runs
  indefinitely on a single core). Most likely this is a consequence of
  an infinite loop.

  The bug is triggered by the character sequence produced by the above
  printf command being sent to the terminal via any means (e.g. placing
  it in a text file, and then using cat to display the text file, also
  causes xterm to enter an infinite loop).

  The character sequence that printf outputs when running this command
  has a similar form to that of many xterm terminal commands, so most
  likely xterm is attempting to interpret it a command. That said, I
  don't think it's actually meaningful (it starts an OSC 6 command but
  then gives it invalid parameters). Nonetheless, xterm probably
  shouldn't go into an infinite loop as a response to a program printing
  text on it, no matter how meaningless that text is. (I stumbled across
  this particular sequence by chance when writing a terminal testsuite.)

  I'm not sure whether this is a security-related bug or not, but it's
  certainly plausible that it could be used as a remote denial of
  service, or possibly to make it harder to view text files (as
  attempting to display them in xterm will cause it to crash). People
  don't normally expect running cat to be able to crash their terminal.
  As such, I'm classifying it as security-related as a precaution. Feel
  free to override this setting if you disagree.

  ProblemType: Bug
  DistroRelease: Ubuntu 16.04
  Package: xterm 322-1ubuntu1
  ProcVersionSignature: Ubuntu 4.4.0-41.61-generic 4.4.21
  Uname: Linux 4.4.0-41-generic x86_64
  ApportVersion: 2.20.1-0ubuntu2.1
  Architecture: amd64
  CompositorRunning: compiz
  CompositorUnredirectDriverBlacklist: '(nouveau|Intel).*Mesa 8.0'
  CompositorUnredirectFSW: true
  CurrentDesktop: Unity
  Date: Sat Oct  1 18:11:36 2016
  DistUpgraded: 2016-05-02 01:10:52,869 ERROR got error from PostInstallScript 
./ (g-exec-error-quark: Failed to execute child process 
"./" (No such file or directory) (8))
  DistroCodename: xenial
  DistroVariant: ubuntu
  ExecutablePath: /usr/bin/xterm
   Intel Corporation 3rd Gen Core processor Graphics Controller [8086:0166] 
(rev 09) (prog-if 00 [VGA controller])
     Subsystem: Hewlett-Packard Company 3rd Gen Core processor Graphics 
Controller [103c:2186]
  InstallationDate: Installed on 2014-06-03 (851 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  MachineType: Hewlett-Packard HP Pavilion 15 Notebook PC
  ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-4.4.0-41-generic.efi.signed 
root=UUID=e92d655d-cf36-4d45-90e7-30a0f9d0949e ro quiet splash vt.handoff=7
  SourcePackage: xterm
  UpgradeStatus: Upgraded to xenial on 2016-05-02 (152 days ago) 09/21/2015
  dmi.bios.vendor: Insyde
  dmi.bios.version: F.68
  dmi.board.asset.tag: Type2 - Board Asset Tag 2186
  dmi.board.vendor: Hewlett-Packard
  dmi.board.version: 35.12
  dmi.chassis.type: 10
  dmi.chassis.vendor: Hewlett-Packard
  dmi.chassis.version: Chassis Version
dmi:bvnInsyde:bvrF.68:bd09/21/2015:svnHewlett-Packard:pnHPPavilion15NotebookPC:pvr098B110000404100000620180:rvnHewlett-Packard:rn2186:rvr35.12:cvnHewlett-Packard:ct10:cvrChassisVersion: HP Pavilion 15 Notebook PC
  dmi.product.version: 098B110000404100000620180
  dmi.sys.vendor: Hewlett-Packard
  version.compiz: compiz 1:
  version.ia32-libs: ia32-libs N/A
  version.libdrm2: libdrm2 2.4.67-1ubuntu0.16.04.2
  version.libgl1-mesa-dri: libgl1-mesa-dri 11.2.0-1ubuntu2.2
  version.libgl1-mesa-dri-experimental: libgl1-mesa-dri-experimental N/A
  version.libgl1-mesa-glx: libgl1-mesa-glx 11.2.0-1ubuntu2.2
  version.xserver-xorg-core: xserver-xorg-core 2:1.18.4-0ubuntu0.1
  version.xserver-xorg-input-evdev: xserver-xorg-input-evdev 1:2.10.1-1ubuntu2
  version.xserver-xorg-video-ati: xserver-xorg-video-ati 1:7.7.0-1
  version.xserver-xorg-video-intel: xserver-xorg-video-intel 
  version.xserver-xorg-video-nouveau: xserver-xorg-video-nouveau 
  xserver.bootTime: Sat Oct  1 07:28:56 2016
  xserver.configfile: default
  xserver.logfile: /var/log/Xorg.0.log
   product id                                 927 
   vendor                                     LGD
  xserver.version: 2:1.18.4-0ubuntu0.1

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to