bug-texinfo

Bug in info with window resizing


From: Samuel Marshall
Subject: Bug in info with window resizing
Date: Sun, 6 Jul 2014 12:26:39 -0400

Hello, I’ve found a number of bugs in info that are triggered as the result of 
resizing the terminal window in some specific ways. I was originally going to 
write up a proper ticket with a patch for this but after some investigation I 
no longer feel confident in my abilities to submit a patch without causing more 
harm to the existing code.

I’ve taken the liberty of writing up each of the crashes I experienced and 
resulting reasons on my blog 
(http://samdmarshall.com/blog/fixing_old_bugs.html) but I will summarize the 
problems I have encountered for you: (Also all of these findings are relative 
to the OS X platform, I haven’t attempted to reproduce these issues on anything 
else as I have no other OS install) 

1. Multiple NULL dereferences (those should be obvious from the post), a 
handful of new value checks prior to a dereference could stop many of these.
2. struct WINDOW has a member “size_t height” where “size_t” is typealiased to 
an unsigned int, causing any negative window heights to be represented 
incorrectly and causing a lot of havoc with the redraw calculations
3. struct display_node_closure has an unindexed pointer array of DISPLAY_LINE, 
which is a very very big issue as there are a number of cases of incorrect 
pointer arithmetic, many of which are caused by the unsigned window height.

I ultimately could not track down the exact cause of the negative window height 
despite patching out almost every case where it could become negative. I was 
able to track down a number of versions of the source code prior to the 
versions hosted on your public repo, from this I determined that while much of 
the code has changed over the last 20 or so years, most of the comments have 
not. This has proven a challenge in itself to understand some of these issues. 

I have uploaded a zip of the source with the changes I posted in the blog 
(http://cl.samdmarshall.com/WQ9p) in the hopes that you might be able to work 
with this diff to locate the real issue here (Apologies in advance for messing 
with some of the indentation, it was making it hard to read). Of all the 
crashers I found, I think about 3 or 4 could be safely patched based on the 
changes I made to ensure safe code handling. The rest would need a more expert 
eye to remove the original issue at hand.


Thanks,

Sam Marshall
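The two failure modes the report describes (an unsigned `height` that wraps to a huge value when the terminal shrinks, and a line table indexed with that value) can be shown in isolation. The following is an added illustration, not code from info or from the reporter's patch: `unsigned_window`, `naive_resize`, `safe_resize` and `line_at` are hypothetical names, and the layout rule (height = rows below the window's first row, minus one for a status line) is an assumption chosen to make the subtraction underflow.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical window layout, not info's real struct WINDOW: a pane that
 * starts at row `first_row` of a terminal that currently has `screen_rows`
 * rows. `height` is unsigned, as in the report. */
typedef struct {
    size_t first_row;
    size_t height;
} unsigned_window;

/* Naive resize (assumed layout rule): height is the number of rows below
 * first_row, less one for a status line. Once the terminal shrinks so that
 * screen_rows <= first_row + 1, the unsigned subtraction wraps to a value
 * near SIZE_MAX instead of going negative, and every later calculation
 * that trusts `height` runs off the end of its buffers. */
size_t naive_resize(unsigned_window *w, size_t screen_rows) {
    w->height = screen_rows - w->first_row - 1;
    return w->height;
}

/* A height that does not fit on the screen is the signature of a wrapped
 * subtraction; this is the kind of value check the report asks for. */
int height_is_sane(size_t height, size_t screen_rows) {
    return height <= screen_rows;
}

/* Defensive resize: do the arithmetic in a signed type, clamp at zero, and
 * only then store the result in the unsigned field. */
size_t safe_resize(unsigned_window *w, size_t screen_rows) {
    long avail = (long)screen_rows - (long)w->first_row - 1;
    w->height = avail > 0 ? (size_t)avail : 0;
    return w->height;
}

/* Bounds-checked access to a window's line table. Returns NULL rather than
 * dereferencing a missing table or indexing past its `count` entries, which
 * is what a wrapped height would otherwise cause. */
const char *line_at(const char **lines, size_t count, size_t idx) {
    if (lines == NULL || idx >= count)
        return NULL;
    return lines[idx];
}

int main(void) {
    unsigned_window w = { 10, 0 };          /* constructed sample window */
    const char *lines[] = { "line 0", "line 1", "line 2" };

    printf("24 rows, naive:  %zu\n", naive_resize(&w, 24));   /* 13 */
    printf(" 8 rows, naive:  %zu\n", naive_resize(&w, 8));    /* wrapped */
    printf(" 8 rows, sane?   %d\n", height_is_sane(w.height, 8));
    printf(" 8 rows, safe:   %zu\n", safe_resize(&w, 8));     /* 0 */

    /* With the wrapped height a redraw loop would index far past 3 lines;
     * the checked accessor turns that into a NULL the caller can test. */
    printf("line_at(2): %s\n", line_at(lines, 3, 2));
    printf("line_at(7): %p\n", (void *)line_at(lines, 3, 7));
    return 0;
}
```

The signed intermediate in `safe_resize` is only valid while row counts fit in a `long`, which is true for any terminal; the point is that the comparison against zero happens before the value is stored in a `size_t`, so a shrink below the window's top edge yields a zero-height window rather than one that claims billions of rows.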

