NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: lib/42412 (atc(6) segfaults on invalid $TERM)

The following reply was made to PR lib/42412; it has been noted by GNATS.

From: David Holland <>
Subject: Re: lib/42412 (atc(6) segfaults on invalid $TERM)
Date: Sun, 6 Dec 2009 10:36:10 +0000

 On Sun, Dec 06, 2009 at 07:01:25AM +0000, wrote:
  > Problem is in curses.
 Based on some digging and discussion in chat:
 Index: screen.c
 RCS file: /cvsroot/src/lib/libcurses/screen.c,v
 retrieving revision 1.21
 diff -u -p -r1.21 screen.c
 --- screen.c   8 Dec 2007 18:38:11 -0000       1.21
 +++ screen.c   6 Dec 2009 10:30:24 -0000
 @@ -117,7 +117,7 @@ newterm(char *type, FILE *outfd, FILE *i
        if ((type == NULL) && (sp = getenv("TERM")) == NULL)
                return NULL;
 -      if ((new_screen = (SCREEN *) malloc(sizeof(SCREEN))) == NULL)
 +      if ((new_screen = calloc(1, sizeof(SCREEN))) == NULL)
                return NULL;
  #ifdef DEBUG
 The problem is that logic inside _cursesi_setterm and t_goto is
 assuming that the CM field will be null if the terminal type is
 unknown, but it's getting trash instead. Something fairly recently
 (perhaps time_t?) reshuffled the malloc behavior and the resulting
 memory layout, so malloc is now handing back memory that's been used
 rather than still-zero memory. This is why it only broke recently even
 though this logic in curses hasn't been touched in years.
 Judging by how much of the SCREEN contains trash in the failure case,
 and based on the presumption that there may be other similar logic
 elsewhere, it seems like unconditionally clearing the thing is the
 best approach. (Especially for the stable branches.)
 David A. Holland

Home | Main Index | Thread Index | Old Index