[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Possible tgetstr() NULL pointer dereference
From: |
Thomas Dickey |
Subject: |
Re: Possible tgetstr() NULL pointer dereference |
Date: |
Wed, 14 Jun 2023 18:02:18 -0400 |
On Wed, Jun 14, 2023 at 04:00:02PM +0800, Gregory James DUCK wrote:
> Hi,
>
> It seems following modified/corrupted xterm-256color file (attached) seems
> to cause a crash in the tgetstr() function from libtinfo.so.6:
>
> $ cd ~
> $ mkdir -p .terminfo/x/
> $ cp xterm-256color .terminfo/x/
> $ vim
>
> Tested on Ubuntu 23.04. I think the corrupted file causes convert_strings()
hmm - Ubuntu's website chokes when I ask what version of ncurses that might be.
(since Ubuntu just recompiles whatever Debian has, it's not helpful to tell
the version of Ubuntu).
> to write a NULL entry to the tp->ext_Names array. Later, tgetstr() reads
> the value but assumes it is non-NULL leading to a crash (NULL pointer
> dereference). It is probably unlikely that the xterm-256color file would
> be directly modified by an end-user though.
maybe - it's working fine with current ncurses - but a reproducible bug
should be reported to Debian.
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
signature.asc
Description: PGP signature