On 10/25/06, Ben Lovett <[hidden email]> wrote:
> On Wed, Oct 25, 2006 at 11:05:35AM +0200, Marc Balmer wrote:
> > screen 4.0.2 is vulnerable and allows for a DoS attack. This updates
> > screen to version 4.0.3 which is not vulnerable.
> > ok?
> Works fine for me on i386 (3.9-stable and -current).
I know it's late, since the update has been committed, but it
coredumps on an Alpha running the October 10th snapshot if I try to
switch to the window that's already active (i.e. hitting C-a 0 when in
the 0 window) or to a non-existent window (i.e. hitting C-a 4 when
there are only 2 windows).
If anyone wants to look into this, please email me for a .core file and a dmesg.
> I know it's late, since the update has been committed, but it
> coredumps on an Alpha running the October 10th snapshot if I try to
> switch to the window that's already active (i.e. hitting C-a 0 when in
> the 0 window) or to a non-existent window (i.e. hitting C-a 4 when
> there are only 2 windows).
Or simply checking the window, C-a w.
However, this is not due to the tiny change in this update, rather
4.0.2 is already affected.
> Here's a fix for screen dying on C-w etc on alpha.
> The problem is that the autoconf test for vsprintf() erroneously
> fails and the build falls back on an implementation included with
> screen, which is miscompiled by gcc with optimization turned on.
> The bandaid below helps the autoconf test. I don't like it, but
> gcc on alpha spews errors on both a simple
> as well as
> If anybody has a better idea... something that could go in upstream...
I'm pretty sure 0 for a va_list arg is illegal, and your fix looks