[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: segfault by emacs -nw

From: Kenichi Handa
Subject: Re: segfault by emacs -nw
Date: Thu, 21 Aug 2003 20:41:32 +0900 (JST)
User-agent: SEMI/1.14.3 (Ushinoya) FLIM/1.14.2 (Yagi-Nishiguchi) APEL/10.2 Emacs/21.2.92 (sparc-sun-solaris2.6) MULE/5.0 (SAKAKI)

Terje Rosten <address@hidden> writes:
> | With today's CVS HEAD, emacs -nw always crashes as below:

> Reverting this patch seems to fix it here:

> <URL: 
> http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/src/term.c.diff?r1=1.146&r2=1.147&sortby=date>

> The change is from:

> 2003-08-19  Gerd Moellmann  <address@hidden>

>         * s/freebsd.h [__FreeBSD_version >= 400000]: Define TERMINFO,
>         use -lncurses.

>         * term.c (term_init): Use a buffer of size 4096 for tgetent since
>         FreeBSD returns something longer than 2044.  Abort if the end of
>         the buffer is overwritten.

Thank you for the info.   I think I found what is wrong with
the above patch.

The current code is like this:
  buffer = (char *) xmalloc (buffer_size);
  status = tgetent (buffer, terminal_type);
  if (strlen (buffer) >= buffer_size)
    abort ();
  area = (char *) xmalloc (strlen (buffer));

But, on GNU/Linux, the argument `buffer' of tgetent is
ignored.  This is the man page for tgetent.

       int tgetent(char *bp, const char *name);
       These routines are included as a conversion aid  for  pro-
       grams  that use the termcap library.  Their parameters are
       the same and the routines are emulated using the  terminfo
       database.   Thus, they can only be used to query the capa-
       bilities of entries for which a terminfo  entry  has  been

       The  tgetent routine loads the entry for name.  It returns
       1 on success, 0 if there is no such entry, and -1  if  the
       terminfo  database  could  not  be  found.   The emulation
       ignores the buffer pointer bp.

So, in my environment, the memory allocated for `area' is
too small which leads to buffer overrun.  I've just
installed the attached change.

Ken'ichi HANDA

2003-08-21  Kenichi Handa  <address@hidden>

        * term.c (term_init): Fix previous change; don't rely on the
        length of `buffer' if TERMINFO is defined.

Index: term.c
RCS file: /cvsroot/emacs/emacs/src/term.c,v
retrieving revision 1.147
diff -u -c -r1.147 term.c
cvs server: conflicting specifications of output style
*** term.c      19 Aug 2003 23:47:22 -0000      1.147
--- term.c      21 Aug 2003 11:34:21 -0000
*** 2229,2238 ****
    if (strlen (buffer) >= buffer_size)
      abort ();
!   area = (char *) xmalloc (strlen (buffer));
    TS_ins_line = tgetstr ("al", address);
    TS_ins_multi_lines = tgetstr ("AL", address);
--- 2229,2240 ----
+ #ifndef TERMINFO
    if (strlen (buffer) >= buffer_size)
      abort ();
!   buffer_size = strlen (buffer);
! #endif
!   area = (char *) xmalloc (buffer_size);
    TS_ins_line = tgetstr ("al", address);
    TS_ins_multi_lines = tgetstr ("AL", address);

reply via email to

[Prev in Thread] Current Thread [Next in Thread]