#130 Buffer overflow in SCREEN SECTION ACCEPT.

[Edward Hart]

See discussion [ba36036d] for the initial report by Gregory A Failing.

Copying what I said from the discussion:

[...] It's a buffer overflow.

Here's what seems to happen:

• when the ncurses screen is too full to fit in the [terminal], the [terminal] scrolls down
• any input is now followed by a load of spaces
• these are blindly written somewhere to the item accepting the data
• a buffer overflow occurs and the screen section data item is corrupted

This bug does not occur (for me) in my normal terminal (lxterm) on Ubuntu, but it does happen on in an emacs ansi-term buffer and in xterm on OpenSUSE.

ACCEPTing a screen section item with a subordinate item currently result in a buffer overflow and the corruption of the screen section item.

[Edward Hart]

Fixed (for me) as of [r513].

[Vincent (Bryan) Coen]

So would not the answer be to get line and column size and make sure
that any display do not exceed the dimensions?

Works in my applications.

[Edward Hart]

That could work. If the terminal is/becomes too small, we could pause the ACCEPT and issue a message like "Your terminal is too small. Please resize it to be at least x column and y lines.". Do you think that would be possible?

[Simon Sobisch]

I guess what Vince meant was it's the COBOL program who would need to check it if you want to issue a message - this is what CALL 'CBL_GET_SCR_SIZE' is for.

screenio.c should pause the ACCEPT directly.

But there should be a change in screenio.c to raise exceptions. Here is the list

EC-SCREEN                      Screen handling exception
EC-SCREEN-FIELD-OVERLAP    NF  Screen fields overlap
EC-SCREEN-IMP              Imp Implementor-defined screen handling exception
EC-SCREEN-ITEM-TRUNCATED   NF  Screen field too long for line
EC-SCREEN-LINE-NUMBER      NF  Screen item line number exceeds terminal size
EC-SCREEN-STARTING-COLUMN  NF  Screen item starting column exceeds line size

screenio.c currently only raises (look for cob_set_exception)

EC-IMP-ACCEPT              NF  Implementation-defined accept condition

Ed, can you please have a look at adding these exceptions to screenio.c and add the test cases for them?

Simon

[Vincent (Bryan) Coen]

On 27/02/15 08:32, Edward Hart wrote:

That could work. If the terminal is/becomes too small, we could pause
the ACCEPT and issue a message like "Your terminal is too small.
Please resize it to be at least /x/ column and /y/ lines.". Do you
think that would be possible?

No, if possible having checked the terminal sizing is to reset it using
a call to the terminal program itself to resize to the required width &
height.

I do not know how to do that (within a Cobol program) but if some one
does please advise us all.
Here my terminal progs are set to 80 x 43 andI test for size - height
and adjust my screen data to fit. Did think also of using wider screen
sizing but that was too tricky to deal with AND still cope with say 80
columns. Have to use the lowest denominator :)

Vince

[Edward Hart]

Thanks for clarifying Vincent and Simon. It's fine as it is, then.

Ed, can you please have a look at adding these exceptions to screenio.c and add the test cases for them?

Yeah, I'll see if I can add some exceptions. I'm not sure how to write tests for them, though. The testsuite just outputs to stdout not a terminal, so we'll need a way to test a terminal session.

[Edward Hart]

Fix confirmed [ba36036d#970a], so this bug can now be closed.