mosh-server aborts in Framebuffer::resize when client sends initial winsize 0x0

[rszrszrsz]

Hi,

I found a reproducible crash in mosh-server when the client side starts with a PTY reporting terminal size 0 0.

Environment:

• Server: Ubuntu 24.04.4 LTS
• Packaged mosh: 1.4.0-1ubuntu3
• Also reproduced on upstream master: decd9b7
• Built from source with default configure options
• Architecture: x86_64

Observed behavior:
mosh-server starts normally, receives the first UDP packet from the client, then aborts with SIGABRT.

Backtrace:

#4 abort()
#5 __assert_fail_base(
    assertion="s_width > 0",
    file="terminalframebuffer.cc",
    line=408,
    function="Terminal::Framebuffer::resize(int, int)"
)

On the Ubuntu package the same assertion is at approximately line 403.

The failing function is:

void Framebuffer::resize( int s_width, int s_height )
{
  assert( s_width > 0 );
  assert( s_height > 0 );
  ...
}

Reproducer:

script -q /dev/null mosh --server=/path/to/mosh-server host

In my environment, script -q /dev/null creates a PTY whose stty size reports 0 0. This causes the client to send an initial resize/state with width or height equal to zero. The server then aborts on the assertion after receiving the first UDP packet.

Expected behavior:
mosh-server should not abort when it receives an invalid terminal resize such as 0x0. It should either ignore the invalid resize, clamp it to a safe default, or wait for the next valid resize from the client.

Local patch tested:
I tested a minimal local change that ignores invalid resize requests:

void Framebuffer::resize( int s_width, int s_height )
{
  if ( s_width <= 0 || s_height <= 0 ) {
    return;
  }

  ...
}

Result:

The crash disappears.
mosh-server no longer produces a coredump.
The same reproducer no longer kills the server.
make check passes.
A normal control test with valid terminal size works and produces bidirectional UDP traffic.

[cgull]

I'm not comfortable with that local patch, a window size of 0x0 is anything but well tested in the rest of Mosh.  I think it'd be better to have the client error out more cleanly on a window size with rows or columns set to 0, it can't really do anything sensible in that case anyway.  Perhaps client and server should even require a minimum window size like 16 columns and 4 rows. Currently 1.4.0 `mosh-client` seems to die with `Error: vector` but only after failing to get a response from the server. @rszrszrsz if you need non-interactive testing of Mosh, you really should use `tmux` or similar to present a pty set to a reasonable size.

…

On 4/25/26 3:57 PM, rszrszrsz wrote: *rszrszrsz* created an issue (mobile-shell/mosh#1386) <#1386> Hi, I found a reproducible crash in |mosh-server| when the client side starts with a PTY reporting terminal size |0 0|. Environment: * Server: Ubuntu 24.04.4 LTS * Packaged mosh: 1.4.0-1ubuntu3 * Also reproduced on upstream master: |decd9b7| * Built from source with default configure options * Architecture: x86_64 Observed behavior: |mosh-server| starts normally, receives the first UDP packet from the client, then aborts with SIGABRT. Backtrace: |#4 abort() #5 __assert_fail_base( assertion="s_width > 0", file="terminalframebuffer.cc", line=408, function="Terminal::Framebuffer::resize(int, int)" ) | On the Ubuntu package the same assertion is at approximately line 403. The failing function is: |void Framebuffer::resize( int s_width, int s_height ) { assert( s_width > 0 ); assert( s_height > 0 ); ... } | Reproducer: |script -q /dev/null mosh --server=/path/to/mosh-server host | In my environment, script -q /dev/null creates a PTY whose stty size reports 0 0. This causes the client to send an initial resize/state with width or height equal to zero. The server then aborts on the assertion after receiving the first UDP packet. Expected behavior: mosh-server should not abort when it receives an invalid terminal resize such as 0x0. It should either ignore the invalid resize, clamp it to a safe default, or wait for the next valid resize from the client. Local patch tested: I tested a minimal local change that ignores invalid resize requests: |void Framebuffer::resize( int s_width, int s_height ) { if ( s_width <= 0 || s_height <= 0 ) { return; } ... } | Result: The crash disappears. mosh-server no longer produces a coredump. The same reproducer no longer kills the server. make check passes. A normal control test with valid terminal size works and produces bidirectional UDP traffic. — Reply to this email directly, view it on GitHub <#1386>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAOYLTMJ7KIHVYZCMOWWRKL4XUKCJAVCNFSM6AAAAACYGLYDIKVHI2DSMVQWIX3LMV43ASLTON2WKOZUGMZDSMBYGI2DGOA>. Triage notifications, keep track of coding agent tasks and review pull requests on the go with GitHub Mobile for iOS <https://github.com/notifications/mobile/ios/AAOYLTN6U7DCAX6IGWMRNGT4XUKCJA5CNFSL4Z3JMQ5C6L3HNF2C22DVMIXUS43TOVSS6NBTGI4TAOBSGQZTRJTSMVQXG33OVJZXKYTTMNZGSYTFMSSWK5TFNZ2KUZTPN52GK4S7NFXXG> and Android <https://github.com/notifications/mobile/android/AAOYLTLAFOZOI4WDJQZFNHL4XUKCJA5CNFSL4Z3JMQ5C6L3HNF2C22DVMIXUS43TOVSS6NBTGI4TAOBSGQZTRJTSMVQXG33OVJZXKYTTMNZGSYTFMSSWK5TFNZ2K4ZTPN52GK4S7MFXGI4TPNFSA>. Download it today! You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>