[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: deref/use after free

From: Thomas Dickey
Subject: Re: deref/use after free
Date: Fri, 23 Jan 2009 20:13:26 -0500 (EST)

On Sat, 24 Jan 2009, john heasley wrote:

Fri, Jan 23, 2009 at 06:03:11AM -0500, Thomas Dickey:
On Fri, 23 Jan 2009, john heasley wrote:

valgrind (for Linux) tends to give better information than dmalloc,
though it still takes some study to see.

I don't use linux; it'd take some effort to use the box I can access.
I added a bunch of free(strdup("foo")) calls through the window/resizing
code to trigger the fencepost checking.  I'll poke some more; thanks
for your comments/suggestions.

ElectricFence (efence) is reasonably portable.  Before valgrind, I used
to link with efence to force a core dump close to bad memory references.
Since it covers "all" memory references, it's more general than dmalloc.
But you do need a debugger to see where/why the program died.

I've found the problem.  menu_sub() may return a non-subwin() window, which
may also be stdscr.  In this particular bug (in our code), the new subwin()
after the first resize would fail (and be ignored) if the minimum dimensions
to render the menu exceeded the screen size.  Upon the next resize,
menu_sub() returns the parent of what would normally have been the subwin(),
which the code then delwin()s, and thus starts the corruption.

I see (almost sounds as if ncurses could make some additional check)

Sorry for the noise.  Please close this ticket.

no problem

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]