bin/60001: NULL dereference in libcurses

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: bin/60001: NULL dereference in libcurses
From: "imuwoto%gmail.com@localhost via gnats" <gnats-admin%NetBSD.org@localhost>
Date: Sat, 14 Feb 2026 11:00:01 +0000 (UTC)

>Number:         60001
>Category:       bin
>Synopsis:       NULL dereference in libcurses
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Feb 14 11:00:00 +0000 2026
>Originator:     YAMAMOTO Takashi
>Release:        NetBSD 10.1
>Organization:
>Environment:
NetBSD uma 10.1 NetBSD 10.1 (GENERIC) #0: Mon Dec 16 13:08:11 UTC 2024  mkrepro%mkrepro.NetBSD.org@localhost:/usr/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
NULL dereference in libcurses

some data points:

* it crashed when i did ":w" on vi
* TERM=screen, inside tmux
* no LC_xxx or LANG set
* vi was invoked by git during "git rebase -i xxx"
* it was on a clone of https://github.com/NetBSD/src
* it's reproducible on the repo
* a workaround: TERM=vt100

(gdb) bt
#0  0x00007aa483a1d8d2 in putchbr (wx=79, wy=39, psp=0x0, csp=0x7aa483ce2ba0, 
    nsp=0x7aa483cc5ae0) at /usr/src/lib/libcurses/refresh.c:1076
#1  makech (wy=<optimized out>) at /usr/src/lib/libcurses/refresh.c:1406
#2  doupdate () at /usr/src/lib/libcurses/refresh.c:707
#3  0x00000000c640c88c in cl_refresh (sp=0x7aa483d72000, repaint=0)
    at /usr/src/external/bsd/nvi/dist/cl/cl_funcs.c:647
#4  0x00000000c64490ec in vs_paint (sp=sp@entry=0x7aa483d72000, 
    flags=<optimized out>)
    at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:777
#5  0x00000000c6449f75 in vs_refresh (sp=sp@entry=0x7aa483d72000, 
    forcepaint=forcepaint@entry=0)
    at /usr/src/external/bsd/nvi/dist/vi/vs_refresh.c:99
#6  0x00000000c6445086 in vi (spp=spp@entry=0x7f7fff82e060)
    at /usr/src/external/bsd/nvi/dist/vi/vi.c:115
#7  0x00000000c642cc98 in editor (wp=wp@entry=0x7aa483d9e000, 
    argc=<optimized out>, argc@entry=2, argv=<optimized out>, 
    argv@entry=0x7f7fff82e2e8)
    at /usr/src/external/bsd/nvi/dist/common/main.c:436
#8  0x00000000c6456744 in main (argc=2, argv=0x7f7fff82e2e8)
    at /usr/src/external/bsd/nvi/dist/cl/cl_main.c:134
(gdb) list
warning: Source file is more recent than executable.
1071            }
1072
1073            /* We need to insert characters. */
1074    #ifdef HAVE_WCHAR
1075            cw = nsp->wcols;
1076            pcw = psp->wcols;
1077            if (cw < 1 || pcw < 1)
1078                    return ERR; /* Nothing to insert */
1079
1080            /* When inserting a wide character, we need something other than
(gdb) p psp
$1 = (__LDATA *) 0x0
(gdb) 
>How-To-Repeat:

>Fix:

Prev by Date: Re: bin/59990: /etc/security: first run mails megabytes of output
Next by Date: bin/60002: [PATCH] tests/kernel/t_mqueue: port to FreeBSD
Previous by Thread: Re: xsrc/58879 (X fails with "no screens found" using Radeon Vega 7)
Next by Thread: bin/60002: [PATCH] tests/kernel/t_mqueue: port to FreeBSD
Indexes:

Home | Main Index | Thread Index | Old Index