URL:
<http://savannah.gnu.org/bugs/?45715>
Summary: read access violation in MScrollH()
Project: GNU Screen
Submitted by: kcwu
Submitted on: Fri 07 Aug 2015 02:39:46 PM GMT
Category: Crash/Freeze/Infloop
Severity: 3 - Normal
Priority: 5 - Normal
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Release: None
Fixed Release: None
Planned Release: None
Work Required: None
_______________________________________________________
Details:
Steps to reproduce:
$ screen -D -m printf '\x1b[8;;1t\xe3\x80\xb4\x1b[P'
Aborted
This crashed inside MScrollH with n=-1
at the line
clear_mline(ml, xe + 1 - n, n);
which calls memmove with n*4 as the size.
This was detected by afl-fuzz.
_______________________________________________________
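Added example, not part of the original report and not GNU Screen's code: a simplified model of why a cell count of -1 becomes a near-SIZE_MAX byte count once it is multiplied by the 4-byte cell size, next to a range check that rejects the call before any memory is touched. The names struct line, WIDTH, size_seen_by_memmove and clear_cells_checked are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIDTH 80 /* constructed line width, not taken from Screen */

/* Hypothetical stand-in for one display line made of 4-byte cells. */
struct line { uint32_t cell[WIDTH]; };

/* Byte count a memmove/memset receives when the cell count n is
 * multiplied by the cell size and converted to size_t. */
size_t size_seen_by_memmove(int n)
{
    return (size_t)n * sizeof(uint32_t);
}

/* Clear n cells starting at column xs. Returns 0 on success and -1
 * when the range is negative or leaves the line; nothing is written
 * in that case. */
int clear_cells_checked(struct line *l, int xs, int n)
{
    if (n < 0 || xs < 0 || xs > WIDTH || n > WIDTH - xs)
        return -1;
    memset(l->cell + xs, 0, (size_t)n * sizeof(uint32_t));
    return 0;
}

int main(void)
{
    struct line l;
    int xe = WIDTH - 1, n = -1; /* n = -1 as in the report */

    memset(&l, 0xff, sizeof l);
    printf("size for n=-1: %zu bytes\n", size_seen_by_memmove(n));
    printf("clear(xe + 1 - n, n): %d\n",
           clear_cells_checked(&l, xe + 1 - n, n));
    printf("clear(76, 4): %d\n", clear_cells_checked(&l, 76, 4));
    return 0;
}
```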