NetBSD-Bugs archive
Re: lib/42412 (atc(6) segfaults on invalid $TERM)
The following reply was made to PR lib/42412; it has been noted by GNATS.
From: David Holland <dholland-bugs%netbsd.org@localhost>
To: gnats-bugs%netbsd.org@localhost
Cc:
Subject: Re: lib/42412 (atc(6) segfaults on invalid $TERM)
Date: Sun, 6 Dec 2009 10:36:10 +0000
On Sun, Dec 06, 2009 at 07:01:25AM +0000, dholland%NetBSD.org@localhost wrote:
> Problem is in curses.
Based on some digging and discussion in chat:
Index: screen.c
===================================================================
RCS file: /cvsroot/src/lib/libcurses/screen.c,v
retrieving revision 1.21
diff -u -p -r1.21 screen.c
--- screen.c 8 Dec 2007 18:38:11 -0000 1.21
+++ screen.c 6 Dec 2009 10:30:24 -0000
@@ -117,7 +117,7 @@ newterm(char *type, FILE *outfd, FILE *i
if ((type == NULL) && (sp = getenv("TERM")) == NULL)
return NULL;
- if ((new_screen = (SCREEN *) malloc(sizeof(SCREEN))) == NULL)
+ if ((new_screen = calloc(1, sizeof(SCREEN))) == NULL)
return NULL;
#ifdef DEBUG
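Review bot: the calloc() line needs a comment saying why the SCREEN must start out zeroed, since nothing in the hunk stops a later cleanup from switching it back to malloc(). A one-line note that later code treats unset fields as NULL would do. Zero-filling also gives NULL pointers only where all-bits-zero is the null pointer representation, so consider also setting the pointer fields that are tested for NULL explicitly after the allocation.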
The problem is that logic inside _cursesi_setterm and t_goto is
assuming that the CM field will be null if the terminal type is
unknown, but it's getting trash instead. Something fairly recently
(perhaps time_t?) reshuffled the malloc behavior and the resulting
memory layout, so malloc is now handing back memory that's been used
rather than still-zero memory. This is why it only broke recently even
though this logic in curses hasn't been touched in years.
Judging by how much of the SCREEN contains trash in the failure case,
and based on the presumption that there may be other similar logic
elsewhere, it seems like unconditionally clearing the thing is the
best approach. (Especially for the stable branches.)
--
David A. Holland
dholland%netbsd.org@localhost
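
The failure mode described in the message above, as an added example that is not part of the original post and is not libcurses code. `struct toy_screen`, `toy_setterm`, `guard_holds` and the 0xA5 fill (a deterministic stand-in for stale heap contents) are hypothetical names and constructed values.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for SCREEN: only the field the message names. */
struct toy_screen {
    char other_state[64];
    const char *cm;   /* cursor-motion string; NULL is meant to mean "none" */
};

/* Simulates malloc() returning previously used memory. The 0xA5 fill is a
 * constructed, deterministic substitute for real stale heap contents. */
static struct toy_screen *alloc_recycled(void)
{
    struct toy_screen *s = malloc(sizeof(*s));
    if (s != NULL)
        memset(s, 0xA5, sizeof(*s));
    return s;
}

/* Sets cm only for a known terminal type; an unknown type leaves it alone. */
static void toy_setterm(struct toy_screen *s, const char *type)
{
    if (strcmp(type, "vt100") == 0)
        s->cm = "\033[%i%d;%dH";
}

/* Returns 1 if a later "cm == NULL" guard would stop use of the field,
 * 0 if the guard is bypassed, -1 on allocation failure. */
int guard_holds(int zeroed, const char *type)
{
    struct toy_screen *s = zeroed ? calloc(1, sizeof(*s)) : alloc_recycled();
    int held;

    if (s == NULL)
        return -1;
    toy_setterm(s, type);
    held = (s->cm == NULL);
    free(s);
    return held;
}

int main(void)
{
    printf("recycled, unknown TERM: guard holds = %d\n", guard_holds(0, "bogus"));
    printf("zeroed,   unknown TERM: guard holds = %d\n", guard_holds(1, "bogus"));
    return 0;
}
```

With the recycled allocation and an unknown terminal type the guard does not hold, which is the point at which a real caller would go on to use a trash pointer.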