Bug#249325: Title change escape sequence can crash gnome-terminal

Arnaud Patard Rtp arnaud.patard@rtp-net.org (Arnaud Patard (Rtp)), 249325@bugs.debian.org
Tue, 18 May 2004 20:10:49 +0200


Enrico Zini <enrico@debian.org> writes:

> Package: gnome-terminal
> Version: 2.4.2-7
> Severity: critical
>
> Hello,
Hi,
>
> there's a bug in gnome-terminal, probably a missing boundary check on the
> parameter of the window title change escape sequence, which can cause it to
> crash (and possibly worse).
>
> Here's a script I wrote to try to reproduce the bug, originally observed
> because of a possible bug on 'mc' which sometimes changes the window title to
> garbage and crashes the terminal:
>
The bug that changes the window title to garbage is due to vte and pango (using mc is a way of triggering it). It can be reproduced with this simple command line:
print $'\016\033]0;Garbage\007'
For more information about this problem, there are many bug reports on GNOME's bugzilla (http://bugzilla.gnome.org/show_bug.cgi?id=121894, http://bugzilla.gnome.org/show_bug.cgi?id=107262, http://bugzilla.gnome.org/show_bug.cgi?id=138001).

>
> Besides being potentially dangerous (if well investigated and reproduced, I can
> imagine this could be the road to some arbitrary code execution), the bug is
Due to the nature of this bug, I'm not quite sure that it can lead to arbitrary code execution. I'll look further into the source code. 
> also extremely annoying as it crashes all open terminals with everything that
> is inside.
I know that a crash with gnome terminal closes all open terminals, but it'll always do that with all kinds of crashes. It's due to gnome terminal's nature.

If you don't mind, I'll tag it as important.

Regards, Arnaud
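
Added example, not part of the original message and not code from gnome-terminal or vte: a Python filter that neutralizes the byte pattern in the reproducer above (a shift-out control character followed by an OSC title-change sequence) before untrusted bytes are written to a terminal. The names `sanitize`, `OSC` and `CTRL` and the finding labels are assumptions made for this sketch, and only the 7-bit forms of the sequences are handled.

```python
import re

# OSC string: ESC ] <payload>, terminated by BEL or ST (ESC \).
# An unterminated sequence is matched up to the next ESC or end of input,
# so a missing terminator cannot leak the payload to the terminal.
OSC = re.compile(rb"\x1b\]([^\x07\x1b]*)(?:\x07|\x1b\\)?")

# Remaining C0 controls and DEL, except tab, newline and carriage return.
# This covers SO (0x0e, octal 016), the first byte of the reproducer.
CTRL = re.compile(rb"[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]")


def sanitize(data: bytes):
    """Return (safe_bytes, findings) for untrusted bytes headed to a terminal."""
    findings = []

    def drop_osc(match):
        # Record the payload (e.g. b"0;Garbage") and emit nothing.
        findings.append(("osc", match.group(1)))
        return b""

    def caret(match):
        # Replace the control byte with visible caret notation (0x0e -> ^N).
        byte = match.group(0)[0]
        findings.append(("ctrl", bytes([byte])))
        return b"^" + bytes([byte ^ 0x40])

    out = OSC.sub(drop_osc, data)
    out = CTRL.sub(caret, out)
    return out, findings


if __name__ == "__main__":
    # Constructed input: the bytes produced by the command quoted above,
    # followed by ordinary text.
    sample = b"\x0e\x1b]0;Garbage\x07listing done\n"
    safe, found = sanitize(sample)
    print(safe)
    for kind, payload in found:
        print(kind, payload)
```
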