Crash on unknown terminal

From: David Macek
Subject: Crash on unknown terminal
Date: Sat, 17 Feb 2018 18:36:57 +0100

Hi, after updating a few things recently, a crash started to appear whenever a bad (unknown) terminal name was specified.

I managed to trace the crash to a double-free as described below. My test program is this:

#include <ncurses.h>

int main(void) {
    /* "x" is a bad (unknown) terminal name */
    newterm("x", stdout, stdin);
    return 0;
}

In `TINFO_SETUP_TERM`, given `USE_TERM_DRIVER`=1 and `reuse`=0, line 720 attempts to initialize the unknown terminal. When it fails, line 726 frees the above-allocated `my_tcb` (aliased as `termp` and `TCB`).


`_nc_globals.term_driver` from line 720 is a define to `_nc_get_driver`, which more or less delegates to `_nc_TINFO_DRIVER.td_CanHandle` which points to `drv_CanHandle` where, after failure, line 180 executes.


We go into `del_curterm` which frees `termp` on line 168.


My investigation indicates this is a double-free which leads to the crash. If I remove lines 725-726 from `lib_setup.c`, the crash no longer happens.

Please advise.

(I'm not subscribed to the list, by the way.)

David Macek
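
The ownership pattern described in the message above, as an added example that is not part of the original post and is not ncurses code: a callee that releases a block on failure, and a caller that releases it again. All names (`tcb_t`, `driver_can_handle`, `setup_buggy`, `setup_single_owner`) are hypothetical, and a small tracked pool replaces `malloc`/`free` so the second free is counted rather than corrupting the heap.

```c
#include <stddef.h>

/* Constructed model, not ncurses code: a tracked pool stands in for
   malloc/free so a second free is counted instead of corrupting the heap. */
typedef struct { int live; } tcb_t;          /* hypothetical control block */
static tcb_t pool[4];
static int double_frees;

static tcb_t *tcb_alloc(void) {
    for (size_t i = 0; i < sizeof pool / sizeof pool[0]; i++)
        if (!pool[i].live) { pool[i].live = 1; return &pool[i]; }
    return NULL;
}

static void tcb_free(tcb_t *t) {
    if (!t) return;
    if (!t->live) { double_frees++; return; } /* already freed: double free */
    t->live = 0;
}

/* Driver check: on failure it releases the block itself (per the report). */
static int driver_can_handle(tcb_t *t, int known) {
    if (!known) { tcb_free(t); return 0; }
    return 1;
}

/* Reported pattern: the caller frees again after the callee failed. */
int setup_buggy(int known) {
    tcb_t *t = tcb_alloc();
    if (!t) return -1;
    if (!driver_can_handle(t, known)) { tcb_free(t); return -1; }
    tcb_free(t);                              /* model teardown on success */
    return 0;
}

/* One owner per path: the failing callee already released the block. */
int setup_single_owner(int known) {
    tcb_t *t = tcb_alloc();
    if (!t) return -1;
    if (!driver_can_handle(t, known)) return -1;
    tcb_free(t);
    return 0;
}

/* Runs one setup variant and reports how many double frees it caused. */
int count_double_frees(int (*setup)(int), int known) {
    double_frees = 0;
    setup(known);
    return double_frees;
}
```

On real code the same defect can be confirmed by building the test program with `-fsanitize=address`, which reports the second `free` together with both call stacks.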
