bug-ncurses

Re: Use-after-free in _nc_free_and_exit()


From: Thomas Dickey
Subject: Re: Use-after-free in _nc_free_and_exit()
Date: Wed, 17 Mar 2021 16:23:58 -0400
User-agent: Mutt/1.10.1 (2018-07-13)

On Wed, Mar 17, 2021 at 04:20:39PM +0100, Miroslav Lichvar wrote:
> I'm looking at a report from a static analyser and there seems to be
> one issue that looks like an actual bug, which in a test is reported
> by valgrind too. In the "leaky" configuration of ncurses there is:
> 
> NCURSES_SP_NAME(_nc_free_and_exit) (NCURSES_SP_DCLx int code)
> {
>     if (SP_PARM) {
>         delscreen(SP_PARM);
>         if (SP_PARM->_term)
>             NCURSES_SP_NAME(del_curterm) (NCURSES_SP_ARGx SP_PARM->_term);
>     }
> 
> delscreen() frees SP_PARM, so it shouldn't be accessed after that
> point. The _term seems to be freed in delscreen(), so maybe those two
> lines following the delscreen() could be removed?

probably (thanks).

I'm guessing that I didn't notice this one since the test-programs already
do a delscreen, and SP_PARM is null at this point.

-- 
Thomas E. Dickey <dickey@invisible-island.net>
https://invisible-island.net
ftp://ftp.invisible-island.net
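
The pattern discussed in this message, as an added example that is not part of the original email and is not ncurses code: a toy model in which the quoted sequence reads the screen after deleting it, next to the proposed form, plus the NULL case that explains why the test programs did not trip over it. All names (`toy_screen`, `toy_delscreen`, `exit_before`, `exit_after`, ...) are hypothetical, and the model assumes a released screen keeps its old field values.

```c
/* Toy model, not ncurses code: every name here is hypothetical. */
#include <stdio.h>

typedef struct { int releases; } toy_term;  /* times it was released */
typedef struct { int live; toy_term *term; } toy_screen;

/* Static slots stand in for heap objects so that a read of a released
   screen is counted here instead of being undefined behaviour. */
static toy_term term_slot;
static toy_screen screen_slot;
static int stale_reads;   /* field reads on a released screen */

toy_screen *toy_newscreen(void) {
    term_slot.releases = 0;
    screen_slot.live = 1;
    screen_slot.term = &term_slot;
    return &screen_slot;
}

void toy_del_term(toy_term *t) { t->releases++; }

/* Models delscreen() as the thread describes it: releases the terminal,
   then the screen. Assumption: the old field values stay in place. */
void toy_delscreen(toy_screen *sp) { toy_del_term(sp->term); sp->live = 0; }

/* Checked accessor: counts every read through a released screen. */
toy_term *screen_term(toy_screen *sp) {
    if (!sp->live) stale_reads++;
    return sp->term;
}

/* Shape of the quoted code: the screen is read after it is deleted. */
int exit_before(toy_screen *sp) {
    stale_reads = 0;
    if (sp) {
        toy_delscreen(sp);
        if (screen_term(sp)) toy_del_term(screen_term(sp));
    }
    return stale_reads;
}

/* Proposed change: nothing touches the screen after the delete. */
int exit_after(toy_screen *sp) {
    stale_reads = 0;
    if (sp) toy_delscreen(sp);
    return stale_reads;
}

int main(void) {
    printf("before: %d stale reads\n", exit_before(toy_newscreen()));
    printf("after:  %d stale reads\n", exit_after(toy_newscreen()));
    printf("screen already gone (NULL): %d\n", exit_before(NULL));
    return 0;
}
```

In real code the stale read is undefined behaviour rather than a counter; valgrind, as mentioned in the quoted report, flags it only on a run that reaches this path with a non-null screen.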
