Re: Use-after-free in _nc_free_and_exit()
From: Thomas Dickey
Subject: Re: Use-after-free in _nc_free_and_exit()
Date: Wed, 17 Mar 2021 16:23:58 -0400
User-agent: Mutt/1.10.1 (2018-07-13)
On Wed, Mar 17, 2021 at 04:20:39PM +0100, Miroslav Lichvar wrote:
> I'm looking at a report from a static analyser and there seems to be
> one issue that looks like an actual bug, which in a test is reported
> by valgrind too. In the "leaky" configuration of ncurses there is:
>
> NCURSES_SP_NAME(_nc_free_and_exit) (NCURSES_SP_DCLx int code)
> {
>     if (SP_PARM) {
>         delscreen(SP_PARM);
>         if (SP_PARM->_term)
>             NCURSES_SP_NAME(del_curterm) (NCURSES_SP_ARGx SP_PARM->_term);
>     }
>
> delscreen() frees SP_PARM, so it shouldn't be accessed after that
> point. The _term seems to be freed in delscreen(), so maybe those two
> lines following the delscreen() could be removed?
probably (thanks).
I'm guessing that I didn't notice this one since the test-programs already
do a delscreen, and SP_PARM is null at this point.
--
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
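
The pattern discussed in this thread, reduced to a stand-alone C model; this is an added example, not part of the mail and not ncurses code. The types `screen_t` and `term_t` and all function names are hypothetical stand-ins, and clearing the caller's pointer is an extra step assumed here.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for ncurses' SCREEN and TERMINAL (not the real types). */
typedef struct term { int fd; } term_t;
typedef struct screen { term_t *term; } screen_t;

static int terms_freed, screens_freed; /* counters: each object must be freed once */
static void del_term(term_t *t) { if (t) { free(t); terms_freed++; } }

/* Models delscreen() as described in the thread: frees the term, then the screen. */
static void del_screen(screen_t *sp) {
    if (!sp) return;
    del_term(sp->term);
    free(sp);
    screens_freed++;
}

/* Reported pattern, kept as a comment because executing it is undefined behaviour:
 *     del_screen(sp);
 *     if (sp->term)             reads memory that was just freed
 *         del_term(sp->term);   and frees the term a second time
 */

/* Suggested shape: no access through sp after del_screen(); pointer then cleared. */
static void free_and_exit_fixed(screen_t **spp) {
    if (spp && *spp) {
        del_screen(*spp);
        *spp = NULL;
    }
}

static screen_t *new_screen(void) {
    screen_t *sp = malloc(sizeof *sp);
    if (!sp) return NULL;
    sp->term = malloc(sizeof *sp->term);
    if (!sp->term) { free(sp); return NULL; }
    sp->term->fd = 1;
    return sp;
}

/* Returns 1 when screen and term were each freed exactly once and sp was cleared. */
int demo_cleanup(void) {
    screen_t *sp = new_screen();
    if (!sp) return 0;
    terms_freed = screens_freed = 0;
    free_and_exit_fixed(&sp);
    free_and_exit_fixed(&sp); /* repeated cleanup is now a no-op */
    return sp == NULL && terms_freed == 1 && screens_freed == 1;
}
int main(void) { return demo_cleanup() ? 0 : 1; }
```

Compiled with `-fsanitize=address`, the commented-out pattern is reported as a heap-use-after-free; valgrind, which the thread mentions, flags the same read.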