On 2011-03-07 18:21 +0100, Nico Golde wrote:
> * Sven Joachim <[email protected]> [2011-03-07 17:53]:
>>
>> It seems to be bug #617210 in ncurses. At least, changing the offending
> code in ncurses' newwin() function back to what it was before 5.8 fixes
>> the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
>> stfl_form_run()).
>
> I can confirm what you thought. I already mentioned the window is zero thus
> resulting in a null ptr dereference/invalid read. The reason is:
> The created window is passed via f->root->type->f_draw(f->root, f, dummywin);
> in stfl_form_run(). The complete backtrace looks like:
> #0 0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
> #1 0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0
> #2 0x00007f66190abe67 in stfl_form_run () from /usr/lib/libstfl.so.0
> #3 0x00007f66190ab04e in stfl_run () from /usr/lib/libstfl.so.0
>
> from newsbeuter the path is f->run(-3); => stfl_run() => which hits the
> newwin() code in stfl.
> #1 0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0 is code in
> stfl_widget_style() and this function is called in the various drawing
> functions of stfl that are set to the f_draw function pointer.
>
>> I'll reassign this bug to libncursesw5.
>
> Thanks! I guess the return value check is still something that should be
> added in stfl?

Probably yes, if only because the faulty newwin() code is in a released
version of ncurses, and other distributions might pick it up sooner or
later.

Cheers,
Sven
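The return value check discussed in this thread, shown as an added example (not code from stfl, ncurses or either poster). The names window_t, newwin_fn, form_run_checked and the two allocators are constructed stand-ins for WINDOW, newwin() and the draw path in stfl_form_run(), so the file builds without either library.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins; none of these are the real ncurses/stfl definitions. */
typedef struct { int rows, cols; } window_t;         /* role of WINDOW   */
typedef window_t *(*newwin_fn)(int, int, int, int);  /* role of newwin() */
struct form;
typedef void (*draw_fn)(struct form *f, window_t *win);
struct form { draw_fn f_draw; int draws; };

/* Draw callback that reads through the window pointer without checking it,
 * as the crashing frame in the backtrace does. */
static void draw_root(struct form *f, window_t *win)
{
    f->draws += (win->rows >= 0);
}

/* Allocator modelling the regressed newwin(0, 0, 0, 0): no window comes back. */
static window_t *newwin_failing(int r, int c, int y, int x)
{
    (void)r; (void)c; (void)y; (void)x;
    return NULL;
}

/* Allocator that succeeds, for comparison. */
static window_t *newwin_working(int r, int c, int y, int x)
{
    static window_t w;
    (void)y; (void)x;
    w.rows = r; w.cols = c;
    return &w;
}

/* Hardened run step: validate the window before any draw callback sees it.
 * Returns 0 on success, -1 if no window could be created. */
static int form_run_checked(struct form *f, newwin_fn mk)
{
    window_t *dummywin = mk(0, 0, 0, 0);
    if (dummywin == NULL) {
        fprintf(stderr, "form_run: window creation failed, not drawing\n");
        return -1;
    }
    f->f_draw(f, dummywin);
    return 0;
}

/* Runs one step; returns the number of draws performed, or -1 on failure. */
int demo(int allocator_fails)
{
    struct form f = { draw_root, 0 };
    int rc = form_run_checked(&f, allocator_fails ? newwin_failing : newwin_working);
    return rc == 0 ? f.draws : -1;
}

int main(void) { printf("%d %d\n", demo(1), demo(0)); return 0; }
```

With the check in place, a failed window creation becomes an error return the caller can handle instead of an invalid read inside the draw callback.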