Subject: lib/26404: curses getcap(3) causes segfault
List: netbsd-bugs
Date: 07/22/2004 12:35:45
>Number:         26404
>Category:       lib
>Synopsis:       curses getcap(3) causes segfault
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jul 22 11:56:00 UTC 2004
>Originator:     Peter Bex
>Release:        NetBSD 2.0_BETA
System: NetBSD 2.0_BETA NetBSD 2.0_BETA (FROHIKE) #1: Tue Jul 6 14:42:10 CEST 2004 i386
Architecture: i386
Machine: i386
	Even if used properly, getcap(3) causes a segmentation fault.
	This occurs because even though _cursesi_setterm checks for problems
	with t_getent (using the local `unknown' variable), getcap ignores
	any problems.

The following code causes a segfault (with TERM="xterm").
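#include <stdio.h>
#include <wchar.h>
#include <curses.h>

int
main(void)
{
	char *cap;

	/* Set up curses; the terminal type is taken from TERM. */
	if (initscr() == NULL)
		printf("FATAL: initscr failed!\n");

	/* Segfault occurs in this call. */
	cap = getcap("bs");

	return 0;
}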

Check for NULL in _cursesi_genbuf.  t_getent will set the passed buffer
pointer to NULL if an error occurred.  This buffer is _cursesi_genbuf.

Index: setterm.c
RCS file: /cvsroot/src/lib/libcurses/setterm.c,v
retrieving revision 1.38
diff -u -r1.38 setterm.c
--- setterm.c	21 Oct 2003 00:30:05 -0000	1.38
+++ setterm.c	22 Jul 2004 10:31:50 -0000
@@ -418,6 +418,9 @@
 char	*
 getcap(char *name)
+	if (_cursesi_genbuf == NULL)
+		return NULL;
 	return (t_agetstr(_cursesi_genbuf, name));
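
Review bot: the added "return NULL;" in getcap() does not match the parenthesized return style of the context line right below it, "return (t_agetstr(_cursesi_genbuf, name));", so write it as "return (NULL);" to stay consistent with the file. The guard also means getcap() now returns NULL when t_getent failed earlier, so callers have to check the result before using it; a short comment above the check saying that _cursesi_genbuf is set to NULL by a failed t_getent, plus a matching sentence in the getcap documentation, would make that contract explicit.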