diff options
-rw-r--r-- | debian/changelog | 7 | ||||
-rw-r--r-- | encoding.c | 10 |
2 files changed, 16 insertions, 1 deletions
diff --git a/debian/changelog b/debian/changelog index b9e08ee..fb6202b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +screen (4.0.2-4.1sarge1) stable-security; urgency=high + + * Fix out-of-bands write when processing character codes in + UTF-8 sequences. (CVE-2006-4573) + + -- Moritz Muehlenhoff <jmm@debian.org> Tue, 24 Oct 2006 21:39:21 +0000 + screen (4.0.2-4.1) unstable; urgency=low * Non-maintainer upload @@ -995,8 +995,16 @@ struct mchar *mc; { /* full, recycle old entry */ if (c1 >= 0xd800 && c1 < 0xe000) - comb_tofront(root, c1); + comb_tofront(root, c1 - 0xd800); i = combchars[root]->prev; + if (c1 == i + 0xd800) + { + /* completely full, can't recycle */ + debug("utf8_handle_comp: completely full!\n"); + mc->image = '?'; + mc->font = 0; + return; + } /* FIXME: delete old char from all buffers */ } else if (!combchars[i]) |