From: Kenichi Handa
Newsgroups: gmane.emacs.devel
Subject: Re: segfault by emacs -nw
Date: Thu, 21 Aug 2003 20:41:32 +0900 (JST)
Message-ID: <200308211141.UAA07281@etlken.m17n.org>
References: <200308210207.LAA06393@etlken.m17n.org>
Cc: gerd.moellmann@t-online.de, emacs-devel@gnu.org
Original-To: terjeros@phys.ntnu.no
In-reply-to: (message from Terje Rosten on Thu, 21 Aug 2003 12:24:33 +0200)

Terje Rosten writes:
> | With today's CVS HEAD, emacs -nw always crashes as below:

> Reverting this patch seems to fix it here:
>
> The change is from:

> 2003-08-19  Gerd Moellmann
>   * s/freebsd.h [__FreeBSD_version >= 400000]: Define TERMINFO,
>   use -lncurses.
>   * term.c (term_init): Use a buffer of size 4096 for tgetent since
>   FreeBSD returns something longer than 2044.  Abort if the end of
>   the buffer is overwritten.

Thank you for the info.  I think I found what is wrong with
the above patch.  The current code is like this:

----------------------------------------------------------------------
  buffer = (char *) xmalloc (buffer_size);
  status = tgetent (buffer, terminal_type);
[...]
  if (strlen (buffer) >= buffer_size)
    abort ();

  area = (char *) xmalloc (strlen (buffer));
----------------------------------------------------------------------

But, on GNU/Linux, the argument `buffer' of tgetent is ignored.

This is the man page for tgetent.

SYNOPSIS
[...]
       int tgetent(char *bp, const char *name);
[...]
       These routines are included as a conversion aid for programs
       that use the termcap library. Their parameters are the same
       and the routines are emulated using the terminfo database.
       Thus, they can only be used to query the capabilities of
       entries for which a terminfo entry has been compiled.

       The tgetent routine loads the entry for name. It returns 1 on
       success, 0 if there is no such entry, and -1 if the terminfo
       database could not be found.
       The emulation ignores the buffer pointer bp.
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

So, in my environment, the memory allocated for `area' is
too small which leads to buffer overrun.

I've just installed the attached change.

---
Ken'ichi HANDA
handa@m17n.org

2003-08-21  Kenichi Handa

	* term.c (term_init): Fix previous change; don't rely on the
	length of `buffer' if TERMINFO is defined.

Index: term.c =================================================================== RCS file: /cvsroot/emacs/emacs/src/term.c,v retrieving revision 1.147 diff -u -c -r1.147 term.c cvs server: conflicting specifications of output style *** term.c 19 Aug 2003 23:47:22 -0000 1.147 --- term.c 21 Aug 2003 11:34:21 -0000 *************** *** 2229,2238 **** #endif } if (strlen (buffer) >= buffer_size) abort (); ! ! area = (char *) xmalloc (strlen (buffer)); TS_ins_line = tgetstr ("al", address); TS_ins_multi_lines = tgetstr ("AL", address); --- 2229,2240 ---- #endif } + #ifndef TERMINFO if (strlen (buffer) >= buffer_size) abort (); ! buffer_size = strlen (buffer); ! #endif ! area = (char *) xmalloc (buffer_size); TS_ins_line = tgetstr ("al", address); TS_ins_multi_lines = tgetstr ("AL", address);
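
Review bot: in the TERMINFO case `area = (char *) xmalloc (buffer_size);` sizes the area from the fixed tgetent buffer size, and nothing in the hunk says why that bounds what the following `tgetstr (..., address)` calls copy into it. A short comment stating the assumption, or a check after the last tgetstr call that `address` has not advanced past `area + buffer_size`, would make this reviewable. In the `#ifndef TERMINFO` branch, `buffer_size = strlen (buffer);` changes the variable from the capacity of `buffer` to the length of the entry, so a separate variable for the area size would be clearer. The `strlen (buffer) >= buffer_size` test there still reads past the allocation whenever the entry is not terminated inside it, so it detects an overwrite only after reading out of bounds itself.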
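
The sizing problem described in this message, as an added example that is not Emacs code and not part of the original post: a run-time alternative to keying on TERMINFO, which zero-fills the buffer so that strlen is defined whether or not tgetent writes to it. The two fake_*_tgetent functions, SAMPLE_ENTRY and area_size_after_tgetent are hypothetical names standing in for the two library behaviours.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample termcap entry, not taken from a real database. */
#define SAMPLE_ENTRY "vt100|constructed sample:al=\\E[L:AL=\\E[%dL:"

/* Hypothetical stand-ins for the two tgetent behaviours in the message. */
typedef int (*tgetent_fn) (char *bp, const char *name);

/* termcap style: copies the entry text into bp. */
static int fake_termcap_tgetent (char *bp, const char *name)
{
  (void) name;
  strcpy (bp, SAMPLE_ENTRY);
  return 1;
}

/* terminfo emulation: returns success and never touches bp. */
static int fake_terminfo_tgetent (char *bp, const char *name)
{
  (void) bp; (void) name;
  return 1;
}

/* Size to allocate for the tgetstr area; 0 on failure or a full buffer. */
size_t area_size_after_tgetent (tgetent_fn load, const char *term, size_t buffer_size)
{
  size_t result = 0;
  char *buffer = buffer_size >= 2 ? calloc (1, buffer_size) : NULL;

  if (buffer == NULL)
    return 0;
  /* calloc zero-fills, so strlen is defined even if bp is ignored. */
  if (load (buffer, term) > 0 && buffer[buffer_size - 1] == '\0')
    {
      size_t len = strlen (buffer);
      /* Empty buffer: callee ignored bp, fall back to the full size. */
      result = len == 0 ? buffer_size : len + 1;
    }
  free (buffer);
  return result;
}

int main (void)
{
  printf ("termcap: %zu\n", area_size_after_tgetent (fake_termcap_tgetent, "vt100", 4096));
  printf ("terminfo: %zu\n", area_size_after_tgetent (fake_terminfo_tgetent, "vt100", 4096));
  return 0;
}
```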