Hi,

On Wed, Aug 13, 2025 at 07:00:58PM +0200, Vincent Lefevre wrote:
> The following makes the xterm terminal crash
> 
>   touch "$(printf "file\e[H\e[c\n\b")"
>   gunzip file*
> 
> due to malicious character sequences in the file name and a bug in
> xterm. Same issue with bunzip2 instead of gunzip.

I do not expect this to only happen with gunzip and bzip2.  Does this
happen with any program that prints the filename without any escaping,
e.g., "echo file*", and most programs that print the provided filename
when reporting any associated problem (i.e., all that do not escape or
suppress non-printable filename characters or bytes)?

> [...]

Best regards,
Erik
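
The escaping of non-printable filename bytes that this message refers to, as an added example that is not part of the original mail and not code from gzip, bzip2 or xterm. It is a POSIX shell function (the name `safe_name` is hypothetical) that renders a filename for terminal output with every control byte shown as a visible octal escape. The sample name is the one from the quoted report, built in a variable rather than created on disk.

```shell
#!/bin/sh
# safe_name NAME
# Print NAME with every byte outside printable ASCII (0x20-0x7e), and the
# backslash itself, replaced by a \ooo octal escape, so that no ESC, BS,
# LF or other control byte from a filename reaches the terminal emulator.
# Bytes >= 0x80 are escaped as well: that also covers 8-bit C1 controls,
# at the cost of non-ASCII names being displayed in octal.
safe_name() {
    # od emits one three-digit octal number per input byte
    printf '%s' "$1" | LC_ALL=C od -An -v -t o1 |
    while read -r line; do
        for o in $line; do
            d=$((0$o))                      # octal text -> integer
            if [ "$d" -ge 32 ] && [ "$d" -le 126 ] && [ "$d" -ne 92 ]; then
                printf '%b' "\\0$o"         # printable: emit the byte itself
            else
                printf '\\%s' "$o"          # anything else: literal \ooo
            fi
        done
    done
    echo
}

# Constructed sample: the filename bytes from the report above
# (\033 is ESC; the original used the non-POSIX \e spelling).
sample=$(printf 'file\033[H\033[c\n\b')

# A diagnostic that includes the name stays on one line and is inert.
printf 'cannot open: %s\n' "$(safe_name "$sample")"
```

Escaping the backslash keeps the output unambiguous, so a name that literally contains `\033` cannot be confused with an escaped ESC byte.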
