
Fix for a crash caused by buffer-overflow in case of '>=1024' columns

Łukasz Kotula requested to merge lukaszkotula/konsole:master_bug_330066 into master

`Konsole::Screen` defined an array of 1024 elements, where the user may resize the konsole to have more columns than this array can handle. Selecting a row in such a case is going to cause a buffer-overflow.

Tests

  • manual tests
  • added a new UT that reproduces the fault:

User may reproduce the issue by cherry-picking c7d8b4570f5ba52651190f276e450ff8bfb3fb0f and building the newly added test executable with "address-sanitizer":

$ /kde/build/konsole/src/autotests/ScreenTest
******** Start testing of Konsole::ScreenTest *********
Config: Using QtTest library 5.14.2, Qt 5.14.2 (x86_64-little_endian-lp64 shared (dynamic) release build; by GCC 7.5.0)
PASS   : Konsole::ScreenTest::initTestCase()
PASS   : Konsole::ScreenTest::testLargeScreenCopyShortLine()
PASS   : Konsole::ScreenTest::testLargeScreenCopyEmptyLine()
=================================================================
==18826==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f5e91da27c0 at pc 0x7f5e91964588 bp 0x7fffe17f8b90 sp 0x7fffe17f8b80
WRITE of size 15 at 0x7f5e91da27c0 thread T0
    #0 0x7f5e91964587 in Konsole::Screen::copyLineToStream(int, int, int, Konsole::TerminalCharacterDecoder*, bool, QFlags<Konsole::Screen::DecodingOption>) const /home/lukasz/kde/src/konsole/src/Screen.cpp:1356
    #1 0x7f5e91964937 in Konsole::Screen::writeToStream(Konsole::TerminalCharacterDecoder*, int, int, QFlags<Konsole::Screen::DecodingOption>) const /home/lukasz/kde/src/konsole/src/Screen.cpp:1264
    #2 0x7f5e9196def1 in Konsole::Screen::text(int, int, QFlags<Konsole::Screen::DecodingOption>) const /home/lukasz/kde/src/konsole/src/Screen.cpp:1224
    #3 0x7f5e9196e23c in Konsole::Screen::selectedText(QFlags<Konsole::Screen::DecodingOption>) const /home/lukasz/kde/src/konsole/src/Screen.cpp:1205
    #4 0x55c0ea431926 in Konsole::ScreenTest::testLargeScreenCopyVerify(QString const&, QString const&) /home/lukasz/kde/src/konsole/src/autotests/ScreenTest.cpp:41
    #5 0x55c0ea43266f in Konsole::ScreenTest::testLargeScreenCopyLongLine() /home/lukasz/kde/src/konsole/src/autotests/ScreenTest.cpp:69

Notes

On my machine the following two tests fail (on base and base+fix): 88% tests passed, 2 tests failed out of 16

Total Test time (real) =   7.93 sec

The following tests FAILED:
      8 - PartTest (Failed)
     15 - TerminalInterfaceTest (Failed)
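The shape of the bug the description refers to, as an added example that is not Konsole's code: a hypothetical stand-in for a row-copy routine that uses a fixed 1024-cell scratch array (the "before" pattern, which writes past the array once a row is wider than that), beside a version that validates the requested range against the row and sizes its scratch buffer from the request. The names Cell, Row, copyLineFixed, copyRequestFits and copyLineSafe are assumptions for this example, not Konsole identifiers.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <vector>

// Hypothetical stand-in for one terminal cell (not Konsole's Character type).
struct Cell {
    char ch;
};

// Hypothetical stand-in for one screen row that is `columns` cells wide.
struct Row {
    std::vector<Cell> cells;
    Row(int columns, char fill) : cells(static_cast<std::size_t>(columns), Cell{fill}) {}
};

// The fixed capacity the merge request describes: a buffer of 1024 elements.
constexpr int kMaxColumns = 1024;

// "Before" pattern. The scratch array has a fixed size, but `count` comes from
// the current screen width. When the terminal has been resized to more than
// kMaxColumns columns, the copy loop writes past the end of `scratch`, which is
// exactly the global/stack buffer overflow AddressSanitizer reports.
// Kept only to show the defect; never call it with count > kMaxColumns.
std::string copyLineFixed(const Row& row, int start, int count) {
    Cell scratch[kMaxColumns];
    for (int i = 0; i < count; ++i) {
        scratch[i] = row.cells[static_cast<std::size_t>(start + i)];  // OOB write if count > kMaxColumns
    }
    std::string out;
    for (int i = 0; i < count; ++i) {
        out.push_back(scratch[i].ch);
    }
    return out;
}

// Validation step for the hardened version: the requested range must lie
// entirely inside the row. Done in size_t to avoid signed overflow on start+count.
bool copyRequestFits(const Row& row, int start, int count) {
    if (start < 0 || count < 0) {
        return false;
    }
    return static_cast<std::size_t>(start) + static_cast<std::size_t>(count) <= row.cells.size();
}

// "After" pattern. The scratch buffer is sized from the request rather than a
// compile-time constant, and a request that does not fit the row is rejected
// instead of silently reading or writing out of bounds.
std::string copyLineSafe(const Row& row, int start, int count) {
    if (!copyRequestFits(row, start, count)) {
        throw std::out_of_range("copy range exceeds row width");
    }
    std::vector<Cell> scratch(static_cast<std::size_t>(count));
    for (int i = 0; i < count; ++i) {
        scratch[static_cast<std::size_t>(i)] = row.cells[static_cast<std::size_t>(start + i)];
    }
    std::string out;
    out.reserve(scratch.size());
    for (const Cell& c : scratch) {
        out.push_back(c.ch);
    }
    return out;
}

int main() {
    // A terminal resized to 1500 columns: wider than the fixed 1024-cell array.
    Row wide(1500, 'x');
    // copyLineFixed(wide, 0, 1500) would overflow `scratch`; the safe version copies it.
    std::string line = copyLineSafe(wide, 0, 1500);
    return line.size() == 1500 ? 0 : 1;
}
```

The fixed-array version only shows the defect; with a width of 80 it behaves, and with 1500 it is the same out-of-bounds write the sanitizer trace above points at. The hardened version makes the width check explicit and keeps the buffer tied to the request, so a wider terminal can never exceed it.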
