Quoting Sven Joachim <svenj...@gmx.de>:
On 2011-03-07 18:21 +0100, Nico Golde wrote:
* Sven Joachim <svenj...@gmx.de> [2011-03-07 17:53]:
It seems to be bug #617210 in ncurses. At least, changing the offending
code in ncurses' newwin() function back to what is was before 5.8 fixes
the newsbeuter segfault for me (stfl is calling newwin(0, 0, 0, 0) in
stfl_form_run()).
I can confirm what you though. I already mentioned the window is zero thus
resulting in a null ptr dereference/invalid read. The reason is:
The created windows is passed via f->root->type->f_draw(f->root, f,
dummywin);
in stfl_form_run(). The complete backtrace looks like:
#0 0x00007f66190ad5ce in stfl_style () from /usr/lib/libstfl.so.0
#1 0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0
#2 0x00007f66190abe67 in stfl_form_run () from /usr/lib/libstfl.so.0
#3 0x00007f66190ab04e in stfl_run () from /usr/lib/libstfl.so.0
from newsbeuter the path is f->run(-3); => stfl_run() => which hits the
newwin() code in stfl.
#1 0x00007f66190ae120 in ?? () from /usr/lib/libstfl.so.0 is code in
stfl_widget_style() and this function is called in the various drawing
functions of stfl that are set to the f_draw function pointer.
I'll reassign this bug to libncursesw5.
Thanks! I guess the return value check is still something that
should be added
in stfl?
Probably yes, if only because the faulty newwin() code is in a released
version of ncurses, and other distributions might pick it up sooner or
later.
yes - that's not a good bug (far worse than the usual post-release bug
reports).
Do you suppose it would be advisable to make a 5.9 release in a few weeks?
--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
