Re: deref/use after free

From: Thomas Dickey
Subject: Re: deref/use after free
Date: Thu, 22 Jan 2009 20:38:00 -0500 (EST)

On Fri, 23 Jan 2009, john heasley wrote:

Sat, Nov 22, 2008 at 06:43:41PM -0500, Thomas Dickey:
On Fri, Nov 21, 2008 at 08:51:51AM +0000, john heasley wrote:
I have a home-grown curses application which dumps core within ncurses 5.7
when the window is repeatedly resized.  The traceback is
Without resizing, there are no segfaults.  I'm hoping that one of those
familiar with ncurses source will know where to look straight away.  If
not, I'll spend the time to track it down.

I don't see the problem in the test-cases that I use for wresize and
resizeterm, but did modify some of the logic last year, e.g., in 20080105.

The trigger seems to stem from the deletion of a sub-window.  The subwin
is used for a menu.  When the screen is resized, our code (not written by
me) unposts the menu, gets the subwin pointer, delwins it, werases the
parent window, then recalculates parent and menu sizes, recreates the
subwin and reposts the menu.

(presumably _not_ in the signal handler ;-)

If I change this to derwin (though I don't see how derwin is that different
from subwin) and not delwin it, instead adjusting it as necessary and
reposting the menu, then there is no corruption.

subwin is implemented in terms of derwin, in ncurses.
(I don't see why it would differ, either)

I narrowed this with dmalloc's fencepost, where I see what seems like
free'd memory being used.  I'm not yet certain if that is our code or

valgrind (for Linux) tends to give better information than dmalloc,
though it still takes some study to see.

Thomas E. Dickey
