Zsh Mailing List Archive

zsh can output non-printable characters to the terminal in some error messages



zsh 5.9.1 and below can output non-printable characters to the terminal
(such as escape sequences) in some error messages.

This may be a security vulnerability if a user creates a file name with
malicious escape sequences in it.

qaa% file=file$'\033'\[H$'\033'\[c$'\n'$'\b'
qaa% touch $file
qaa% chmod 0 $file

The following one is fine:

qaa% : < $file
zsh: permission denied: file^[[H^[[c\n^H

But create a test.zsh script with

foo=$(<$1)

Then the following command outputs the escapes to the terminal
due to the "Permission denied" error:

qaa% ./test.zsh $file

(to be run in an xterm-compatible terminal).

-- 
Vincent Lefèvre <vincent@xxxxxxxxxx> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
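Added example, not part of the original message and not zsh source code: a C sketch of how an error path can render a file name in visible form before it reaches the terminal, using the file name from the message as sample input. The helper name `render_visible`, the `\xNN` form for high bytes, and the message text in `main` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The file name from the message above: ESC [ H, ESC [ c, newline, backspace. */
static const char SAMPLE_NAME[] = "file\033[H\033[c\n\b";

/* Hypothetical helper, not zsh source. Writes a printable rendering of `in`
 * into `out` (capacity `cap`); returns its length, or -1 if it does not fit. */
static int render_visible(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    for (const unsigned char *p = (const unsigned char *)in; *p; p++) {
        char buf[5];
        int len;
        if (*p == '\n')
            len = snprintf(buf, sizeof buf, "\\n");
        else if (*p == '\t')
            len = snprintf(buf, sizeof buf, "\\t");
        else if (*p < 0x20)          /* C0 controls: ESC -> ^[, BS -> ^H */
            len = snprintf(buf, sizeof buf, "^%c", *p + 0x40);
        else if (*p == 0x7f)         /* DEL */
            len = snprintf(buf, sizeof buf, "^?");
        else if (*p >= 0x80)         /* assumption: escape every high byte; this covers
                                        8-bit C1 controls but also rewrites UTF-8 names */
            len = snprintf(buf, sizeof buf, "\\x%02X", (unsigned)*p);
        else
            len = snprintf(buf, sizeof buf, "%c", *p);
        if (n + (size_t)len + 1 > cap)
            return -1;               /* refuse to truncate silently */
        memcpy(out + n, buf, (size_t)len);
        n += (size_t)len;
    }
    if (cap == 0)
        return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    char shown[4 * sizeof SAMPLE_NAME];  /* worst case is 4 output bytes per input byte */
    if (render_visible(SAMPLE_NAME, shown, sizeof shown) < 0)
        return 1;
    /* Illustrative message text; only the rendered name is written to the terminal. */
    fprintf(stderr, "permission denied: %s\n", shown);
    return 0;
}
```

For the sample name the rendering is the same visible form shown in the message for the `: < $file` case.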



