Bug#249325: marked as done (Title change escape sequence can crash gnome-terminal)

Debian Bug Tracking System owner at bugs.debian.org
Sat Jan 28 02:18:09 UTC 2006


Your message dated Sat, 28 Jan 2006 00:08:21 -0200
with message-id <1138414101.8784.0.camel at localhost.localdomain>
and subject line bug fixed upstream
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--------------------------------------
Received: (at submit) by bugs.debian.org; 16 May 2004 18:49:28 +0000
From: Enrico Zini <enrico at debian.org>
To: Debian Bug Tracking System <submit at bugs.debian.org>
Subject: Title change escape sequence can crash gnome-terminal
X-Mailer: reportbug 2.58
Date: Sun, 16 May 2004 15:42:42 -0300
Message-Id: <E1BPQax-0000ZE-7E at mitac>

Package: gnome-terminal
Version: 2.4.2-7
Severity: critical

Hello,

there's a bug in gnome-terminal, probably a missing boundary check on the
parameter of the window title change escape sequence, which can cause it to
crash (and possibly worse).

Here's a script I wrote to try to reproduce the bug, originally observed
because of a possible bug on 'mc' which sometimes changes the window title to
garbage and crashes the terminal:

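	#!/usr/bin/perl -w

	# Seed the PRNG from the first argument so that a run can be repeated.
	srand $ARGV[0];
	# ESC ] 0 ; starts the "set window title" escape sequence.
	print "\033]0;";
	# Emit 40000 pseudo-random bytes (values 55..254) as the title text.
	for (my $i = 0; $i < 40000; $i++)
	{
		my $c = rand(200) + 55;
		print chr($c) if ($c != 007);
	}
	# BEL terminates the sequence.
	print "\007";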

You call it with a number which seeds the RND (to make the script predictable).

The bug is not deterministically reproducible: same script, same argument,
sometimes it crashes the terminal and sometimes not.  It crashes it more often
if I run something terminal intensive on another tab of the same terminal, like
a 'while true; do find /; done'.

Besides being potentially dangerous (if well investigated and reproduced, I can
imagine this could be the road to some arbitrary code execution), the bug is
also extremely annoying as it crashes all open terminals with everything that
is inside.

Bye,

Enrico


-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.5-1-686
Locale: LANG=it_IT at euro, LC_CTYPE=it_IT at euro

Versions of packages gnome-terminal depends on:
ii  gnome-control-center      1:2.4.0-9      The GNOME Control Center for GNOME
ii  libart-2.0-2              2.3.16-5       Library of functions for 2D graphi
ii  libatk1.0-0               1.4.1-1        The ATK accessibility toolkit
ii  libaudiofile0             0.2.6-3        Open-source version of SGI's audio
ii  libbonobo2-0              2.4.3-1        Bonobo CORBA interfaces library
ii  libbonoboui2-0            2.4.3-2        The Bonobo UI library
ii  libc6                     2.3.2.ds1-12   GNU C Library: Shared libraries an
ii  libesd0                   0.2.29-1       Enlightened Sound Daemon - Shared 
ii  libfontconfig1            2.2.2-2        generic font configuration library
ii  libfreetype6              2.1.7-2        FreeType 2 font engine, shared lib
ii  libgconf2-4               2.4.0.1-4      GNOME configuration database syste
ii  libgcrypt1                1.1.12-4       LGPL Crypto library - runtime libr
ii  libglade2-0               1:2.0.1-13     Library to load .glade files at ru
ii  libglib2.0-0              2.2.3-1        The GLib library of C routines
ii  libgnome2-0               2.4.0-11       The GNOME 2 library - runtime file
ii  libgnomecanvas2-0         2.4.0-3        A powerful object-oriented display
ii  libgnomeui-0              2.4.0.1-12     The GNOME 2 libraries (User Interf
ii  libgnomevfs2-0            2.4.1-5        The GNOME virtual file-system libr
ii  libgnomevfs2-common       2.4.1-5        The GNOME virtual file-system libr
ii  libgnutls7                0.8.12-5       GNU TLS library - runtime library
ii  libgtk2.0-0               2.2.4-6        The GTK+ graphical user interface 
ii  libice6                   4.3.0.dfsg.1-1 Inter-Client Exchange library
ii  libjpeg62                 6b-9           The Independent JPEG Group's JPEG 
ii  libncurses5               5.4-3          Shared libraries for terminal hand
ii  liborbit2                 1:2.8.3-2      libraries for ORBit2 - a CORBA ORB
ii  libpango1.0-0             1.2.5-4        Layout and rendering of internatio
ii  libpopt0                  1.7-4          lib for parsing cmdline parameters
ii  libsm6                    4.3.0.dfsg.1-1 X Window System Session Management
ii  libstartup-notification0  0.6-2          library for program launch feedbac
ii  libtasn1-0                0.1.2-1        Manage ASN.1 structures (runtime)
ii  libvte4                   1:0.11.10-8    Terminal emulator widget for GTK+ 
ii  libx11-6                  4.3.0.dfsg.1-1 X Window System protocol client li
ii  libxft2                   2.1.2-6        FreeType-based font drawing librar
ii  libxml2                   2.6.9-2        GNOME XML library
ii  libxrender1               0.8.3-7        X Rendering Extension client libra
ii  scrollkeeper              0.3.14-8       A free electronic cataloging syste
ii  xlibs                     4.3.0.dfsg.1-1 X Window System client libraries m
ii  zlib1g                    1:1.2.1-5      compression library - runtime

-- no debconf information
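
The report above suspects a missing boundary check on the title parameter. As an added illustration (not gnome-terminal or vte code, and not a statement about the actual root cause), this is a title-sequence parser that enforces such a bound. TITLE_MAX, osc_title, parse_osc_title and demo_long_title are names and values assumed for this example.

```c
#include <stddef.h>
#include <string.h>

#define TITLE_MAX 256            /* assumed cap, chosen for this example */

typedef struct {
    char   title[TITLE_MAX + 1]; /* always NUL-terminated */
    size_t consumed;             /* input bytes used; 0 if not a title sequence */
    int    truncated;            /* 1 if the payload exceeded TITLE_MAX */
    int    complete;             /* 1 if a terminator (BEL or ESC \) was seen */
} osc_title;

/* Parse "ESC ] 0 ; <payload> BEL" (or ESC \ as terminator) from in[0..len).
 * Bytes past TITLE_MAX are scanned but never stored, and control bytes are
 * dropped, so the title buffer cannot be overrun whatever the input length. */
osc_title parse_osc_title(const unsigned char *in, size_t len)
{
    osc_title r;
    size_t i = 4, n = 0;

    memset(&r, 0, sizeof r);
    if (len < 4 || memcmp(in, "\033]0;", 4) != 0)
        return r;                              /* not a title sequence */
    for (; i < len; i++) {
        unsigned char c = in[i];
        if (c == 0x07) { r.complete = 1; i++; break; }      /* BEL */
        if (c == 0x1b && i + 1 < len && in[i + 1] == '\\') {
            r.complete = 1; i += 2; break;                  /* ESC \ */
        }
        if (c < 0x20 || c == 0x7f)
            continue;                          /* drop control bytes */
        if (n < TITLE_MAX)
            r.title[n++] = (char)c;            /* bounded store */
        else
            r.truncated = 1;                   /* keep scanning, store nothing */
    }
    r.title[n] = '\0';
    r.consumed = i;
    return r;
}

/* Constructed sample: a title of `payload` bytes (the report uses 40000),
 * wrapped in ESC ] 0 ; ... BEL, then parsed with the bounded parser. */
osc_title demo_long_title(size_t payload)
{
    static unsigned char buf[65536];
    if (payload > sizeof buf - 5) payload = sizeof buf - 5;
    memcpy(buf, "\033]0;", 4);
    memset(buf + 4, 'A', payload);
    buf[4 + payload] = 0x07;
    return parse_osc_title(buf, payload + 5);
}
```

An unterminated sequence comes back with complete set to 0, so a caller can wait for more input or discard it instead of acting on a partial title.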

---------------------------------------
Received: (at 249325-done) by bugs.debian.org; 28 Jan 2006 02:08:32 +0000
Subject: bug fixed upstream
From: "Guilherme de S. Pastore" <guilherme.pastore at terra.com.br>
To: 249325-done at bugs.debian.org
Content-Type: text/plain
Date: Sat, 28 Jan 2006 00:08:21 -0200
Message-Id: <1138414101.8784.0.camel at localhost.localdomain>

Don't know when, but this bug was fixed upstream quite some time ago.
Closing.

Thanks!

-- 
Guilherme de S. Pastore (fatalerror)
<guilherme.pastore at terra.com.br>





More information about the Pkg-gnome-maintainers mailing list