Control sequence '\e]104;x\a' hangs in libvte

Bug #2022019 reported by Jeffrey
This bug affects 1 person
Affects: vte2.91 (Ubuntu)
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

The command:
$ printf '\e]104;x\a'
will cause either gnome-terminal or xfce4-terminal to enter an infinite loop inside libvte-2.91.so.0.

I believe the problem is in src/vteseq.cc in the Terminal::reset_color function:

        while (token != endtoken) {
                int value;
                if (!token.number(value))
                        continue;

                int index;
                if (get_osc_color_index(osc, value, index) &&
                    index != -1) {
                        reset_color(index, VTE_COLOR_SOURCE_ESCAPE);
                }

                ++token;
        }

When token doesn't point to a valid number, then "continue" bypasses the ++token line and will just re-parse the same token over again.
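
The loop shape described in the report, next to a form in which every path advances the token. This is an added example, not vte's code and not the upstream fix; `split_params`, `parse_number`, `Result` and the `max_iter` guard are hypothetical stand-ins, and the input is the parameter text that follows `104;`.

```cpp
#include <string>
#include <vector>
// Hypothetical stand-ins for vte's token iterator and token.number().
static std::vector<std::string> split_params(const std::string& s) {
    std::vector<std::string> out(1);
    for (char c : s) {
        if (c == ';') out.emplace_back();
        else out.back().push_back(c);
    }
    return out;
}
static bool parse_number(const std::string& tok, int& value) {
    if (tok.empty() || tok.size() > 4) return false;  // bounded: no overflow
    value = 0;
    for (char c : tok) {
        if (c < '0' || c > '9') return false;
        value = value * 10 + (c - '0');
    }
    return true;
}
struct Result { std::vector<int> indices; std::size_t iterations; bool aborted; };
// Loop shape from the report. max_iter is a demo-only guard so this returns.
Result reset_colors_reported(const std::string& params, std::size_t max_iter) {
    std::vector<std::string> toks = split_params(params);
    Result r{{}, 0, false};
    auto token = toks.begin();
    while (token != toks.end()) {
        if (r.iterations == max_iter) { r.aborted = true; break; }
        ++r.iterations;
        int value = 0;
        if (!parse_number(*token, value))
            continue;  // skips ++token: the same token is parsed again
        r.indices.push_back(value);
        ++token;
    }
    return r;
}

// The increment sits in the for header, so a bad token cannot stall the loop.
Result reset_colors_advancing(const std::string& params) {
    std::vector<std::string> toks = split_params(params);
    Result r{{}, 0, false};
    for (auto token = toks.begin(); token != toks.end(); ++token) {
        ++r.iterations;
        int value = 0;
        if (parse_number(*token, value)) r.indices.push_back(value);
    }
    return r;
}
```

With the parameter `x`, the first function only stops because of the demo guard, while the second visits the token once and skips it.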

Egmont Koblinger (egmont-gmail) wrote :

Thanks for the report. Forwarded upstream: https://gitlab.gnome.org/GNOME/vte/-/issues/2631

Sebastien Bacher (seb128) wrote :
Changed in vte2.91 (Ubuntu):
importance: Undecided → High
status: New → Fix Committed
tags: added: rls-ll-incoming
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package vte2.91 - 0.72.2-1

---------------
vte2.91 (0.72.2-1) experimental; urgency=medium

  * New upstream release
    - Includes fix for an infinite loop processing OSC 104.
      A malicious program accessed via ssh, telnet or similar protocols could
      use this as a denial of service.
      (Closes: #1037919, LP: #2022019; vte#2631 upstream)

 -- Jeremy Bícha <email address hidden> Wed, 14 Jun 2023 16:54:36 -0400

Changed in vte2.91 (Ubuntu):
status: Fix Committed → Fix Released