integer overflow in terminaldispatcher.cc #274

Closed
lindi2 opened this Issue May 16, 2012 · 0 comments

2 participants

@lindi2

This is slightly related to issue #271 but currently not seriously exploitable, just confusing. The command

echo -en "\e[4294967336B"

moves the cursor 42 lines down. This is unexpected since the fix for #271 set the upper limit to 65535, right? It turns out that there's an integer overflow in terminaldispatcher.cc on line

int val = strtol( segment_begin, &endptr, 10 );

where strtol actually returns "long int".

@keithw keithw closed this in 1cf12f9 May 16, 2012
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment