Bug 2363534 - Running screen commands from prompt/script results in buffer overflow
Status: NEW
Alias: None
Product: Fedora
Classification: Fedora
Component: screen
Version: 42
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Josef Ridky
QA Contact: Fedora Extras Quality Assurance
Reported: 2025-05-01 16:03 UTC by DZ
Modified: 2025-06-14 08:55 UTC (History)

Description DZ 2025-05-01 16:03:21 UTC
After I updated several machines to F42, my rc-local.service exits when running screens. It creates the first one, and then exits with a buffer overflow.
If I run it manually it also reports a buffer overflow, e.g. with the simple command uname -a:

```
# screen -S d -X screen 3 bash -c 'uname -a; exec bash'
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#
```

The screen version is 5.0.0-2.fc42 and the system has been updated since May 1st, 2025.
systemctl status rc-local.service shows:

Process 22909 (screen) of user 0 dumped core.
                                                       
Module /usr/bin/screen from rpm screen-5.0.0-2.fc42.x86_64
Module libcap-ng.so.0 from rpm libcap-ng-0.8.5-4.fc42.x86_64
Module libeconf.so.0 from rpm libeconf-0.7.6-1.fc42.x86_64
Module libaudit.so.1 from rpm audit-4.0.3-2.fc42.x86_64
Module libpam.so.0 from rpm pam-1.7.0-4.fc42.x86_64
Module libtinfo.so.6 from rpm ncurses-6.5-5.20250125.fc42.x86_64
Stack trace of thread 22909:
#0  0x00007f674bd53e5c __pthread_kill_implementation (libc.so.6 + 0x72e5c)
#1  0x00007f674bcfaabe raise (libc.so.6 + 0x19abe)
#2  0x00007f674bce26d0 abort (libc.so.6 + 0x16d0)
#3  0x00007f674bce36f3 __libc_message_impl.cold (libc.so.6 + 0x26f3)
#4  0x00007f674bde0389 __fortify_fail (libc.so.6 + 0xff389)
#5  0x00007f674bddfce4 __chk_fail (libc.so.6 + 0xfece4)
#6  0x00007f674bde1949 __strncpy_chk (libc.so.6 + 0x100949)
#7  0x000055c9a6b47835 main (/usr/bin/screen + 0x3835)
#8  0x00007f674bce45f5 __libc_start_call_main (libc.so.6 + 0x35f5)
#9  0x00007f674bce46a8 __libc_start_main@@GLIBC_2.34 (libc.so.6 + 0x36a8)
#10 0x000055c9a6b49205 _start (/usr/bin/screen + 0x5205)
ELF object binary architecture: AMD x86-64



Reproducible: Always

Steps to Reproduce:
1. Boot Fedora 42
2. Run a screen command to add a new screen or issue a command via stuff,
i.e.: screen -S d -X screen 2 bash -c 'uname -a; exec bash'
or: screen -S d -p 1 -X stuff $'ls /etc \n'
(normally screen 1 gets created but further ones are not any more)

Actual Results:
*** buffer overflow detected ***: terminated
Aborted (core dumped)

Expected Results:
A new screen gets created and the specified command is executed.
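
A triage sketch for the coredump trace in the description, added here as an example and not part of the original report or of screen's code: it parses the systemd-coredump frames, recognises a glibc `_FORTIFY_SOURCE` abort, and reports which checked libc call tripped and from which caller. The function names `parse_frames` and `triage_fortify_abort` are hypothetical; the sample frames are copied from the trace above.

```python
import re

# Frames copied from the stack trace in the report above.
TRACE = """\
#2  0x00007f674bce26d0 abort (libc.so.6 + 0x16d0)
#3  0x00007f674bce36f3 __libc_message_impl.cold (libc.so.6 + 0x26f3)
#4  0x00007f674bde0389 __fortify_fail (libc.so.6 + 0xff389)
#5  0x00007f674bddfce4 __chk_fail (libc.so.6 + 0xfece4)
#6  0x00007f674bde1949 __strncpy_chk (libc.so.6 + 0x100949)
#7  0x000055c9a6b47835 main (/usr/bin/screen + 0x3835)
#8  0x00007f674bce45f5 __libc_start_call_main (libc.so.6 + 0x35f5)
"""

# "#N  0xADDR symbol (module + 0xOFFSET)" as printed by systemd-coredump.
FRAME = re.compile(r"^#(\d+)\s+0x[0-9a-f]+\s+(\S+)\s+\((\S+) \+ (0x[0-9a-f]+)\)$")
# Fortified wrappers are named __<func>_chk; __chk_fail does not match this.
CHECKED = re.compile(r"^__(\w+)_chk$")


def parse_frames(text):
    """Return the frames of a coredump trace, innermost first."""
    frames = []
    for line in text.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append({"sym": m[2], "module": m[3], "offset": int(m[4], 16)})
    return frames


def triage_fortify_abort(text):
    """Name the checked libc call and its caller, or None if not a fortify abort."""
    frames = parse_frames(text)
    syms = {f["sym"] for f in frames}
    if not syms & {"__fortify_fail", "__chk_fail"}:
        return None  # some other crash (plain SIGSEGV, assert, ...)
    for i, frame in enumerate(frames[:-1]):
        m = CHECKED.match(frame["sym"])
        if m:
            caller = frames[i + 1]  # the frame that made the oversized call
            return {"function": m[1], "caller": caller["sym"],
                    "module": caller["module"], "offset": caller["offset"]}
    return None  # fortify failure without a wrapper frame, e.g. stack protector


if __name__ == "__main__":
    print(triage_fortify_abort(TRACE))
```

The module-relative offset it returns is the value to hand to a symbolizer once the package's debuginfo is installed.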

Comment 2 DZ 2025-05-16 06:46:21 UTC
Thanks,
Do you think it will also handle the error when trying to detach a screen with a command? It consistently happens on all machines that I try. Unless I do CTRL-a D, and I can attach it via command.

```
root@muc:~# screen -ls
There is a screen on:
	5075.d	(Attached)
1 Socket in /root/.screen.
root@muc:~# screen -d d
Cannot find terminfo entry for ''.
root@muc:~# screen -d 5075.d
Cannot find terminfo entry for ''.
root@muc:~# 

```

Comment 3 Ting-Wei Lan 2025-05-17 12:05:46 UTC
I tested it, and no, it is still broken. screen -d fails, but both screen -d -r and screen -x work.

Comment 4 DZ 2025-05-17 19:05:17 UTC
Thanks for the update. I presume it is probably something to do with the screen variable TERM, which it can't retrieve... I was playing a bit with defining TERM=screen.xterm-256color before trying to detach, but it didn't work. But if screen -d -r works (I presume this detaches and attaches at once) then it's OK and usable, as I can detach with CTRL-A d.
Have you also tried to send a command to screen?
i.e.
#screen -S d -p 1 -X stuff $'ls /etc \n'

Comment 5 Ting-Wei Lan 2025-06-05 12:54:45 UTC
This seems to work. By the way, since my screen configuration depends on screen -X, I made a temporary Copr for screen 5.0.1:
https://copr.fedorainfracloud.org/coprs/lantw44/screen-f42/

I intentionally set Release to 0 to allow upgrading to the official package after 5.0.1 reaches Fedora stable.

Comment 6 sedi343 2025-06-14 08:55:06 UTC
I observed the exact same problem.

```
> screen -S minecraft -X stuff $'say Test\r'
*** buffer overflow detected ***: terminated
Aborted
```

```
> screen --version
Screen version 5.0.0 (build on 2025-01-19 00:01:00)
```

```
> fastfetch
             .',;::::;,'.                 server@minecraft-server
         .';:cccccccccccc:;,.             -----------------------
      .;cccccccccccccccccccccc;.          OS: Fedora Linux 42 (Container Image) x86_64
    .:cccccccccccccccccccccccccc:.        Host: MS-A2 (1.0)
  .;ccccccccccccc;.:dddl:.;ccccccc;.      Kernel: Linux 6.8.12-11-pve
 .:ccccccccccccc;OWMKOOXMWd;ccccccc:.     Uptime: 15 hours, 33 mins
.:ccccccccccccc;KMMc;cc;xMMc;ccccccc:.    Packages: 604 (rpm)
,cccccccccccccc;MMM.;cc;;WW:;cccccccc,    Shell: bash 5.2.37
:cccccccccccccc;MMM.;cccccccccccccccc:    Terminal: /dev/pts/3
:ccccccc;oxOOOo;MMM000k.;cccccccccccc:    CPU: AMD Ryzen 9 9955HX (4) @ 5.46 GHz
cccccc;0MMKxdd:;MMMkddc.;cccccccccccc;    GPU: AMD Radeon Graphics [Integrated]
ccccc;XMO';cccc;MMM.;cccccccccccccccc'    Memory: 5.28 GiB / 8.00 GiB (66%)
ccccc;MMo;ccccc;MMW.;ccccccccccccccc;     Swap: 0 B / 8.00 GiB (0%)
ccccc;0MNc.ccc.xMMd;ccccccccccccccc;      Disk (/): 23.87 GiB / 46.95 GiB (51%) - ext4
cccccc;dNMWXXXWM0:;cccccccccccccc:,       Local IP (eth0): 192.168.178.7/24
cccccccc;.:odl:.;cccccccccccccc:,.        Locale: C.UTF-8
ccccccccccccccccccccccccccccc:'.
:ccccccccccccccccccccccc:;,..
 ':cccccccccccccccc::;,.
```

