URL:
  <http://savannah.gnu.org/bugs/?53934>

                 Summary: Scrollback buffer allows exceeding available memory and DoS conditions.
                 Project: GNU Screen
            Submitted by: kyrian
            Submitted on: Thu 17 May 2018 08:33:56 PM UTC
                Category: Crash/Freeze/Infloop
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.0.3
           Fixed Release: None
         Planned Release: None
           Work Required: None

    _______________________________________________________

Details:

PREAMBLE:

Admittedly here, for a lot of values, it will revert the scrollback buffer to
'0' if you put in a stupid value, however screen's definition of "stupid
value" does not seem to extend to one that includes exhausting all physical
memory and sending the system into a spin.

My guess is that screen protects itself against numeric data type overflows,
but not against exhausting all available system memory.

VERSION:

$ screen -v
Screen version 4.03.01 (GNU) 28-Jun-15

BEFORE:

top - 21:03:26 up 3 min,  2 users,  load average: 2.31, 2.40, 1.04
Tasks: 240 total,   1 running, 238 sleeping,   0 stopped,   1 zombie
%Cpu(s):  0.9 us,  0.6 sy,  0.0 ni, 98.3 id,  0.2 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  8174732 total,  5996544 free,   388212 used,  1789976 buff/cache
KiB Swap:  8122364 total,  8122364 free,        0 used.  7477156 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 3364 kyrian    20   0   27192   2660   2160 S   0.0  0.0   0:00.00 screen
 3363 kyrian    20   0   27052   2828   2608 S   0.0  0.0   0:00.00 screen

CAUSE PROBLEM:

[CTRL]+A
:scrollback 99999999

AFTER:

top - 21:13:10 up 5 min,  2 users,  load average: 1.36, 1.04, 0.50
Tasks: 189 total,   2 running, 187 sleeping,   0 stopped,   0 zombie
%Cpu(s): 26.2 us,  3.0 sy,  0.0 ni, 67.8 id,  3.0 wa,  0.0 hi,  0.0 si,  0.0 st
KiB Mem :  8174732 total,  1552664 free,  6082440 used,   539628 buff/cache
KiB Swap:  8122364 total,  8122364 free,        0 used.  1806336 avail Mem

  PID USER      PR  NI    VIRT    RES    SHR S  %CPU %MEM     TIME+ COMMAND
 2271 kyrian    20   0 9564488 5.586g   2072 R  93.8 71.7   0:13.14 screen
...
 2270 kyrian    20   0   27052   2784   2560 S   0.0  0.0   0:00.00 screen

FINAL:

I noticed this at work on another system with another version of screen, and
only now got around to regaining Savannah access and filing it by testing on
my own system. I've crashed my computer out far too many times trying to file
this bug to get a snapshot of 'top' when closer to the mark of an actual
crash, but suffice to say the kernel panic that eventually appeared on screen
was about being unable to page memory, and required a reboot to get things back.

It would probably be good to get this fixed quickly because of how pervasive
screen is, and how easy it is to bring a system down with this.




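The distinction the report draws, an integer-overflow guard versus a memory-budget guard, shown as an added example that is not GNU Screen's code and not part of the original report. The names `sb_budget` and `sb_check`, the 80-column width, the 8 bytes per cell and the 10% budget are assumptions; the page does not state screen's real per-line cost.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical result codes for this example (not from GNU Screen). */
enum sb_status { SB_OK, SB_CLAMPED, SB_REJECTED };

/* Budget = percent of total memory; a percent above 100 is treated as 100. */
uint64_t sb_budget(uint64_t total_bytes, unsigned percent)
{
    if (percent > 100)
        percent = 100;
    return total_bytes / 100 * percent;
}

/*
 * Check a requested scrollback depth (in lines) against a byte budget.
 * cols and bytes_per_cell are assumed inputs, not values taken from screen.
 */
enum sb_status sb_check(uint64_t requested, uint64_t cols,
                        uint64_t bytes_per_cell, uint64_t budget,
                        uint64_t *granted)
{
    *granted = 0;
    if (cols == 0 || bytes_per_cell == 0)
        return SB_REJECTED;
    /* Integer-overflow guard: the per-line size must fit in 64 bits. */
    if (cols > UINT64_MAX / bytes_per_cell)
        return SB_REJECTED;
    uint64_t line_bytes = cols * bytes_per_cell;
    /* Resource guard: divide rather than multiply so the check cannot wrap. */
    uint64_t max_lines = budget / line_bytes;
    if (requested <= max_lines) {
        *granted = requested;
        return SB_OK;
    }
    *granted = max_lines;   /* value passes the type check but not the budget */
    return SB_CLAMPED;
}

int main(void)
{
    /* Constructed input: MemTotal (KiB) and the request from the report. */
    uint64_t granted;
    uint64_t budget = sb_budget(8174732ULL * 1024, 10);
    enum sb_status st = sb_check(99999999ULL, 80, 8, budget, &granted);
    printf("status=%d granted=%llu lines\n", st, (unsigned long long)granted);
    return 0;
}
```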