Date:      Fri, 15 May 1998 16:38:01 -0400 (EDT)
From:      Max Euston <meuston@jmrodgers.com>
To:        FreeBSD-gnats-submit@FreeBSD.ORG
Subject:   bin/6648: [Patch] Can get NULL pointer in vidattr (ncurses)
Message-ID:  <199805152038.QAA13142@gw.jmrodgers.com>


>Number:         6648
>Category:       bin
>Synopsis:       [Patch] Can get NULL pointer in vidattr (ncurses)
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri May 15 13:40:01 PDT 1998
>Last-Modified:
>Originator:     Max Euston
>Organization:
>Release:        FreeBSD 2.2.5-STABLE i386
>Environment:

	-STABLE (and -CURRENT) (since revision 1.3)

>Description:

	Low level use of 'vidattr()' can cause a NULL pointer to be
dereferenced.  This is because 'SP' is only initialized via 'newterm()'
(which is not required if you are going to interact with the 'terminfo'
database without using 'ncurses').

>How-To-Repeat:

main()
{
	setupterm(...);
	vidputs(...);		/* This will SIGSEGV */
}

>Fix:
	
diff -u /usr/src/lib/libncurses/lib_vidattr.c ./lib_vidattr.c
--- /usr/src/lib/libncurses/lib_vidattr.c	Tue Sep  2 15:10:19 1997
+++ ./lib_vidattr.c	Fri May 15 14:16:42 1998
@@ -71,13 +71,14 @@
 	}
 }
 
-#define previous_attr SP->_current_attr
-
 int vidputs(chtype newmode, int  (*outc)(int))
 {
-chtype	turn_off = (~newmode & previous_attr) & ~A_COLOR;
-chtype	turn_on  = (newmode & ~previous_attr) & ~A_COLOR;
-int pair, current_pair;
+static chtype  previous_attr=0;
+chtype	turn_off,turn_on;
+int	pair, current_pair;
+
+	if (SP)
+		previous_attr = SP->_current_attr;
 
 	T(("vidputs(%x) called %s", newmode, _traceattr(newmode)));
 	T(("previous attribute was %s", _traceattr(previous_attr)));
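Review bot: `static chtype  previous_attr=0;` makes the fallback state one function-wide value, so while SP is NULL every terminal opened through setupterm() shares a single remembered attribute, and that value is discarded in favour of `SP->_current_attr` as soon as a screen exists. Please add a comment above the declaration saying that the static is only the fallback for callers that never ran newterm() and that SP is authoritative whenever it is set. Minor style points: this declaration uses spaces where the neighbouring ones use a tab, and `turn_off,turn_on` is missing the space after the comma.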
@@ -85,6 +86,9 @@
 	if (newmode == previous_attr)
 		return OK;
 
+	turn_off = (~newmode & previous_attr) & ~A_COLOR;
+	turn_on  = (newmode & ~previous_attr) & ~A_COLOR;
+
 	pair = PAIR_NUMBER(newmode);
 	current_pair = PAIR_NUMBER(previous_attr);
 
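Review bot: with SP NULL, `previous_attr` starts at 0, so at `if (newmode == previous_attr)` a first call with newmode 0 returns OK without emitting anything, which assumes the terminal is already showing normal attributes. If that assumption is intended, state it in a comment next to the check. Moving the `turn_off` and `turn_on` assignments below the check is fine, since neither is used on the early-return path.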
@@ -184,6 +188,8 @@
    	}
 
 	previous_attr = newmode;
+	if (SP)
+		SP->_current_attr = previous_attr;
 
 	T(("vidputs finished"));
 	return OK;
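Review bot: at `previous_attr = newmode;` followed by the guarded store, the function now keeps two copies of the attribute state even when SP is non-NULL, and a reader has to go back to the first hunk to see which copy wins on the next call. Either update the static only in the SP == NULL case, or add a one-line comment here noting that the static is reloaded from `SP->_current_attr` on entry whenever SP is set.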
>Audit-Trail:
>Unformatted:
