From owner-freebsd-bugs Fri May 15 13:43:57 1998
Message-Id: <199805152038.QAA13142@gw.jmrodgers.com>
Date: Fri, 15 May 1998 16:38:01 -0400 (EDT)
From: Max Euston
Reply-To: Max Euston
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/6648: [Patch] Can get NULL pointer in vidattr (ncurses)
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 6648
>Category: bin
>Synopsis: [Patch] Can get NULL pointer in vidattr (ncurses)
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri May 15 13:40:01 PDT 1998
>Last-Modified:
>Originator: Max Euston
>Organization:
>Release: FreeBSD 2.2.5-STABLE i386
>Environment:
-STABLE (and -CURRENT) (since revision 1.3)

>Description:
Low level use of 'vidattr()' can cause a NULL pointer to be dereferenced. This is because 'SP' is only initialized via 'newterm()' (which is not required if you are going to interact with the 'terminfo' database without using 'ncurses').

>How-To-Repeat:
main() {
	setupterm(...);
	vidputs(...);	/* This will SIGSEGV */
}

>Fix:
diff -u /usr/src/lib/libncurses/lib_vidattr.c ./lib_vidattr.c --- /usr/src/lib/libncurses/lib_vidattr.c Tue Sep 2 15:10:19 1997 +++ ./lib_vidattr.c Fri May 15 14:16:42 1998 @@ -71,13 +71,14 @@ } } -#define previous_attr SP->_current_attr - int vidputs(chtype newmode, int (*outc)(int)) { -chtype turn_off = (~newmode & previous_attr) & ~A_COLOR; -chtype turn_on = (newmode & ~previous_attr) & ~A_COLOR; -int pair, current_pair; +static chtype previous_attr=0; +chtype turn_off,turn_on; +int pair, current_pair; + + if (SP) + previous_attr = SP->_current_attr; T(("vidputs(%x) called %s", newmode, _traceattr(newmode))); T(("previous attribute was %s", _traceattr(previous_attr))); @@ -85,6 +86,9 @@ if (newmode == previous_attr) return OK; + turn_off = (~newmode & previous_attr) & ~A_COLOR; + turn_on = (newmode & ~previous_attr) & ~A_COLOR; + pair = PAIR_NUMBER(newmode); current_pair = PAIR_NUMBER(previous_attr);
@@ -184,6 +188,8 @@ } previous_attr = newmode; + if (SP) + SP->_current_attr = previous_attr; T(("vidputs finished")); return OK;
>Audit-Trail:
>Unformatted:
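
Review bot: In the first hunk (@@ -71,13 +71,14 @@), `static chtype previous_attr=0;` gives vidputs() a single function-scope cache that is shared by every terminal whenever SP is NULL. A program that calls setupterm() for more than one terminal will then compare newmode against the attribute last sent to a different terminal. Consider keeping the fallback state per terminal, or at least add a comment stating that the SP == NULL path assumes a single terminal. Minor style points: the explicit `=0` is redundant for a static, and `turn_off,turn_on` lacks the space after the comma that `int pair, current_pair;` uses.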
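
Review bot: The early return `if (newmode == previous_attr) return OK;` at the top of the second hunk (@@ -85,6 +86,9 @@) now compares against a static that starts at 0 when SP is NULL, so a first vidputs() call with a newmode of 0 emits nothing and silently assumes the terminal is already in its normal attribute state. That assumption should be documented next to the check, since nothing visible on this path resets the terminal first. Moving the turn_off and turn_on assignments below the early return is fine.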
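
Review bot: In the last hunk (@@ -184,6 +188,8 @@), the write-back `if (SP) SP->_current_attr = previous_attr;` leaves two copies of the attribute state, and the reload at the top of the function (`if (SP) previous_attr = SP->_current_attr;`) makes SP's copy win as soon as SP becomes non-NULL. If a program uses vidputs() after setupterm() and later calls newterm(), whatever was recorded in the static is discarded on the next call, so the two paths can disagree about what the terminal is showing. A short comment saying which copy is authoritative, or assigning `SP->_current_attr = newmode` directly, would make the intent clear.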