slang-users mailing list


Re: [slang-users] Possible FPE in tt_sprintf()


Jerry Meng <jerrytstng@xxxxxxxxx> wrote:
> Hello,
>
> mc is one application that uses the S-Lang library. While running mc on
> Ubuntu 22.04, we observed one FPE bug as follows:
>
> Program received signal SIGFPE, Arithmetic exception.
> 0x00007ffde904e6fe in tt_sprintf (buf=0x7fffffffdab0
> "{1000}/\203\065\065.2X/0.2X\033\\", buflen=1024, fmt=0x5555556ba925
[...]

Here is some "independent" evidence that your terminfo file is
corrupt:

   $ cat /dev/null | TERM=xterm-256color less > /dev/null
   "?", line 0, col 0: corrupt data found in convert_strings

And here is a simple patch to slang/src/sltermin.c that detects the
corruption:

diff --git a/src/sltermin.c b/src/sltermin.c
index 20784e2..b9650ce 100644
--- a/src/sltermin.c
+++ b/src/sltermin.c
@@ -678,6 +678,11 @@ char *_pSLtt_tigetstr (SLterminfo_Type *t, SLCONST char *cap)
    if (offset < 0) return NULL;
    offset = make_integer16 (t->string_offsets + 2 * offset);
    if (offset < 0) return NULL;
+   if ((unsigned int)offset >= t->string_table_size)
+     {
+       return NULL;
+     }
+
    return t->string_table + offset;
 }
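Review bot: the added bounds check only guarantees that the first byte of the capability lies inside the string table; it does not guarantee that the string starting at `t->string_table + offset` is NUL-terminated before `t->string_table + t->string_table_size`, so a corrupt terminfo file whose final entry lacks a terminator can still make callers of `_pSLtt_tigetstr` read past the end of the table. Consider also rejecting the entry when `memchr (t->string_table + offset, 0, t->string_table_size - offset)` returns NULL. Minor style point: the two preceding checks in this function use the single-line form `if (offset < 0) return NULL;`, so the new braced three-line block could follow the same form.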

Thanks,
--John
_______________________________________________
For list information, visit <http://jedsoft.org/slang/mailinglists.html>.
