
[screen-devel] [bug #43862] use-after-free, etc.


From: anonymous
Subject: [screen-devel] [bug #43862] use-after-free, etc.
Date: Sun, 21 Dec 2014 22:03:37 +0000
User-agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:34.0) Gecko/20100101 Firefox/34.0

URL:
  <http://savannah.gnu.org/bugs/?43862>

                 Summary: use-after-free, etc.
                 Project: GNU Screen
            Submitted by: None
            Submitted on: Sun 21 Dec 2014 10:03:36 PM UTC
                Category: Crash/Freeze/Infloop
                Severity: 3 - Normal
                Priority: 5 - Normal
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.2.1
           Fixed Release: None
         Planned Release: None
           Work Required: None

    _______________________________________________________

Details:

Hi,

In canvas.c on lines 772-783 (approx.),
"cv->c_slback" may be freed, but then used.



777      FreePerp(cv->c_slprev ? cv->c_slprev : cv->c_slnext);
778      FreePerp(cv->c_slback);
779    }
780  xs = cv->c_slback->c_xs;
781  xe = cv->c_slback->c_xe;
782  ys = cv->c_slback->c_ys;
783  ye = cv->c_slback->c_ye;


Which could either cause a crash, or "undefined behavior".




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?43862>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.gnu.org/
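
The pattern described in the report, as an added example that is not part of the original message and is not GNU Screen's code: a simplified model that copies the parent's bounds before releasing it and clears the stale pointer. The reduced `struct canvas`, `struct bounds`, `free_and_clear`, `take_bounds_then_free` and `make_sample` are hypothetical, and the helper is assumed to free the object it is given.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model: only the fields quoted in the report. */
struct canvas {
    struct canvas *c_slback;        /* parent slice */
    int c_xs, c_xe, c_ys, c_ye;     /* bounds */
};
struct bounds { int xs, xe, ys, ye; };

/* Hypothetical stand-in for a helper that frees the canvas it is given.
 * Taking the owner's pointer by address lets it clear the stale reference. */
static void free_and_clear(struct canvas **slot)
{
    free(*slot);
    *slot = NULL;
}

/* Reported order (shown only as a comment, not compiled):
 *     FreePerp(cv->c_slback);
 *     xs = cv->c_slback->c_xs;    read through a pointer that may be freed
 * Safe order: copy the parent's bounds while it is alive, then free it. */
static int take_bounds_then_free(struct canvas *cv, struct bounds *out)
{
    if (cv == NULL || cv->c_slback == NULL)
        return -1;                  /* nothing to read, nothing to free */
    out->xs = cv->c_slback->c_xs;
    out->xe = cv->c_slback->c_xe;
    out->ys = cv->c_slback->c_ys;
    out->ye = cv->c_slback->c_ye;
    free_and_clear(&cv->c_slback);  /* later derefs hit the NULL check above */
    return 0;
}

/* Constructed sample: a child whose parent spans columns 0-79, rows 0-23. */
static struct canvas *make_sample(void)
{
    struct canvas *parent = calloc(1, sizeof *parent);
    struct canvas *child = calloc(1, sizeof *child);
    if (!parent || !child) { free(parent); free(child); return NULL; }
    parent->c_xe = 79;
    parent->c_ye = 23;
    child->c_slback = parent;
    return child;
}

int main(void)
{
    struct canvas *cv = make_sample();
    struct bounds b;
    if (cv && take_bounds_then_free(cv, &b) == 0)
        printf("bounds %d-%d x %d-%d\n", b.xs, b.xe, b.ys, b.ye);
    free(cv);
    return 0;
}
```

Building a reproduction of the reported ordering with `-fsanitize=address` makes the read after the free fail deterministically instead of depending on allocator state.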



