Potential bug in the handling of scrolling regions and newlines?

From: Rob King
Subject: Potential bug in the handling of scrolling regions and newlines?
Date: Fri, 28 Jul 2017 22:45:03 -0500
It would appear that programs linked against ncurses 6.0 will crash if a window's scrolling region is defined to not include the bottom line of the window, the cursor is moved to the bottom line of the window, a newline is added, and then any other character is added.

The bug appears to be in the `newline_forces_scroll' function in lib_add_wch.c and lib_addch.c:

        static bool
        newline_forces_scroll(WINDOW *win, NCURSES_SIZE_T * ypos)
                bool result = FALSE;

                if (*ypos >= win->_regtop && *ypos == win->_regbottom) {
                        *ypos = win->_regbottom;
                        result = TRUE;
                } else {
                        *ypos = (NCURSES_SIZE_T) (*ypos + 1);
                return result;

The issue is that scrolling is forced only if the Y position is at `win->_regbottom' and otherwise `ypos' is incremented. If the bottom of the scrolling region is above the bottom line of the window and the newline is printed on the bottom line, this results in the Y position being incremented past the bottom of the window. The next attempt to add characters to the window will result in referencing a nonexistent line and the program will crash.

        Here is a minimal reproduction:

        #include <curses.h>

            scrollok(stdscr, OK);
            setscrreg(0, LINES - 2);
            move(LINES - 1, 0);

I call this a "potential" bug because I don't know if printing a newline on the last line of a window with a defined scrolling region is something that "you're not supposed to do"...if this is indeed a bug, I believe the fix would be to change the `else' above to

        } else if (*ypos < win->_maxy) {

        Anyway, please let me know if anyone has any questions.


