Public bug reported:

# lsb_release -rd
Description:    Ubuntu 16.04.1 LTS
Release:        16.04
# apt-cache policy nano
nano:
  Installed: 2.5.3-2
  Candidate: 2.5.3-2

Reproducer:
1. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
2. <ctrl-z>
3. # nano -G 999999999999999999999999999999999999999999999999999999999999999999999999999
4. <answer y/n to the lockfile question>
5. <nano should segfault>

Quick dissection:
Looking at function do_lockfile in files.c, it seems that promptstr is 
statically allocated to 128 characters. Now with a sufficiently long filename, 
the following sprintf() call will overflow the allocated promptstr buffer and 
corrupt memory.

** Affects: nano (Ubuntu)
     Importance: Undecided
         Status: New

** Summary changed:

- nano 2.5.3-2 on Xenial crashes when trying to access a lockfile
+ nano 2.5.3-2 on Xenial crashes with long paths on lockfiles

https://bugs.launchpad.net/bugs/1641592

Title:
  nano 2.5.3-2 on Xenial crashes with long paths on lockfiles
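
The unbounded sprintf() pattern named in the dissection, next to a length-checked form, as an added example that is not nano's code and not part of the original report. Only the 128-byte buffer size comes from the report; the prompt wording and the names PROMPT_FMT, prompt_needed, would_overflow, build_prompt and long_name are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PROMPT_BUF 128   /* fixed buffer size named in the report */
/* Constructed prompt wording (assumption, not nano's actual text). */
#define PROMPT_FMT "File %s is being edited (by %s); continue?"
/* Report's pattern: char promptstr[PROMPT_BUF]; sprintf(promptstr, PROMPT_FMT, ...); */

/* Bytes the formatted prompt occupies, excluding the terminating NUL. */
size_t prompt_needed(const char *filename, const char *user)
{
    int n = snprintf(NULL, 0, PROMPT_FMT, filename, user);
    return n < 0 ? 0 : (size_t)n;
}

/* 1 if the unbounded sprintf() would write past PROMPT_BUF bytes. */
int would_overflow(const char *filename, const char *user)
{
    return prompt_needed(filename, user) + 1 > PROMPT_BUF;
}

/* Hardened form: size the buffer from the input. Caller frees. */
char *build_prompt(const char *filename, const char *user)
{
    size_t need = prompt_needed(filename, user) + 1;
    char *buf = malloc(need);
    if (buf != NULL)
        snprintf(buf, need, PROMPT_FMT, filename, user);
    return buf;
}

/* Constructed sample input: a file name made of n '9' characters. */
char *long_name(size_t n)
{
    char *s = calloc(n + 1, 1);
    if (s != NULL)
        memset(s, '9', n);
    return s;
}

int main(void)
{
    char *name = long_name(200);
    char *p = name ? build_prompt(name, "alice") : NULL;
    if (p != NULL)
        printf("overflow=%d built=%zu\n", would_overflow(name, "alice"), strlen(p));
    free(p); free(name);
    return 0;
}
```

With this constructed format, the boundary falls where the formatted text reaches 128 characters: 127 characters plus the NUL still fit, one more does not.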
