NetBSD Problem Report #41581
From mouse@Sparkle.Rodents-Montreal.ORG Fri Jun 12 13:59:06 2009
Return-Path: <mouse@Sparkle.Rodents-Montreal.ORG>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by www.NetBSD.org (Postfix) with ESMTP id D3FCF63B9E6
for <gnats-bugs@gnats.NetBSD.org>; Fri, 12 Jun 2009 13:59:06 +0000 (UTC)
Message-Id: <200906121359.JAA01167@Sparkle.Rodents-Montreal.ORG>
Date: Fri, 12 Jun 2009 09:41:51 -0400 (EDT)
From: der Mouse <mouse@Rodents-Montreal.ORG>
Reply-To: mouse@Rodents-Montreal.ORG
To: gnats-bugs@gnats.NetBSD.org
Subject: [dM] window segfaults with certain terminals
X-Send-Pr-Version: 3.95
>Number: 41581
>Category: bin
>Synopsis: [dM] window SEGV with certain terminals
>Confidential: no
>Severity: serious
>Priority: low
>Responsible: bin-bug-people
>State: closed
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Fri Jun 12 14:00:00 +0000 2009
>Closed-Date: Wed Jun 17 21:54:16 +0000 2009
>Last-Modified: Wed Jun 17 21:54:16 +0000 2009
>Originator: der Mouse
>Release: NetBSD 4.0.1, also in 4.0 and 3.1, probably -current
>Organization:
Dis-
>Environment:
System: NetBSD NetBSD-401.Rodents-Montreal.ORG 4.0.1 NetBSD 4.0.1 (GEN401) #0: Wed May 27 10:57:54 EDT 2009 mouse@NetBSD-401.Rodents-Montreal.ORG:/home/mouse/kbuild/GEN401 i386
Architecture: i386
Machine: i386
More generally, any using usr.bin/window/ttgeneric.c,v 1.9, probably at
least some other versions too.
>Description:
When used with a terminal type supporting standout but not
underline (se/so but not ue/uo) window will segfault early in
startup (after clearing the screen but before drawing anything
more). Code inspection makes me think there is risk of a
similar segfault for terminal types with underline but no
standout.
This is because the code is of the form
if (!strcmp(x->...,y->...) && y && z && ...)
that is, it uses a variable before testing it to determine
whether the use is safe. (x is tested in a surrounding if.)
(It also pessimizes the order of the tests, putting the most
expensive test first, and arguably should be fixed for that
reason if no other.)
-current (ttgeneric.c,v 1.10) has similarly botched code. I
haven't tested it to see whether it segfaults, but looking at
the diff between 1.9 (the one 3.1, 4.0, and 4.0.1 use, and
which definitely suffers) and 1.10 (-current) makes me think it
does not affect this either way; it appears to be nothing but a
const-poisoning change. I infer that 5.0 probably suffers too.
>How-To-Repeat:
Set up - or choose - a terminal type with se/so but without
ue/uo. Start window. Watch it segfault.
>Fix:
--- base/usr.bin/window/ttgeneric.c Thu Aug 7 07:17:30 2003
+++ live/usr.bin/window/ttgeneric.c Fri Jun 12 09:28:09 2009
@@ -169,8 +169,8 @@
} else
if (gen_SE) {
ttxputs(gen_SE);
- if (!strcmp(gen_SE->ts_str, gen_UE->ts_str) &&
- gen_UE && gen_US && new & WWM_UL)
+ if (gen_UE && gen_US && new & WWM_UL &&
+ !strcmp(gen_SE->ts_str, gen_UE->ts_str))
ttxputs(gen_US);
}
}
@@ -181,8 +181,8 @@
} else
if (gen_UE) {
ttxputs(gen_UE);
- if (!strcmp(gen_UE->ts_str, gen_SE->ts_str) &&
- gen_SE && gen_SO && new & WWM_REV)
+ if (gen_SE && gen_SO && new & WWM_REV &&
+ !strcmp(gen_UE->ts_str, gen_SE->ts_str))
ttxputs(gen_SO);
}
}
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents-montreal.org
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
>Release-Note:
>Audit-Trail:
From: Christos Zoulas <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41581 CVS commit: src/usr.bin/window
Date: Fri, 12 Jun 2009 11:19:52 -0400
Module Name: src
Committed By: christos
Date: Fri Jun 12 15:19:52 UTC 2009
Modified Files:
src/usr.bin/window: ttgeneric.c
Log Message:
PR/41581: Der mouse: window SEGV with certain terminals. does strcmp first
and then checks for null pointer for underline and bold.
To generate a diff of this commit:
cvs rdiff -u -r1.10 -r1.11 src/usr.bin/window/ttgeneric.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41581 CVS commit: [netbsd-5] src/usr.bin/window
Date: Wed, 17 Jun 2009 20:30:59 +0000
Module Name: src
Committed By: bouyer
Date: Wed Jun 17 20:30:59 UTC 2009
Modified Files:
src/usr.bin/window [netbsd-5]: ttgeneric.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #813):
usr.bin/window/ttgeneric.c: revision 1.11
PR/41581: Der mouse: window SEGV with certain terminals. does strcmp first
and then checks for null pointer for underline and bold.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.40.1 src/usr.bin/window/ttgeneric.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
From: Manuel Bouyer <bouyer@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc:
Subject: PR/41581 CVS commit: [netbsd-4] src/usr.bin/window
Date: Wed, 17 Jun 2009 20:55:59 +0000
Module Name: src
Committed By: bouyer
Date: Wed Jun 17 20:55:59 UTC 2009
Modified Files:
src/usr.bin/window [netbsd-4]: ttgeneric.c
Log Message:
Pull up following revision(s) (requested by christos in ticket #1324):
usr.bin/window/ttgeneric.c: revision 1.11
PR/41581: Der mouse: window SEGV with certain terminals. does strcmp first
and then checks for null pointer for underline and bold.
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.9.18.1 src/usr.bin/window/ttgeneric.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
State-Changed-From-To: open->closed
State-Changed-By: snj@NetBSD.org
State-Changed-When: Wed, 17 Jun 2009 21:54:16 +0000
State-Changed-Why:
Patch committed and pulled up. Thanks!
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.
Home