Debian Bug report logs - #101699
SEGV after screen resize when window size != screen size

version graph

Package: libncurses5; Maintainer for libncurses5 is Craig Small <csmall@debian.org>; Source for libncurses5 is src:ncurses.

Reported by: peterb@chiark.greenend.org.uk (Peter Benie)

Date: Wed, 20 Jun 2001 23:18:02 UTC

Severity: important

Found in version 5.0-6.0potato1

Done: Daniel Jacobowitz <dan@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Daniel Jacobowitz <ncurses-maint@debian.org>:
Bug#101699; Package libncurses5. Full text and rfc822 format available.

Acknowledgement sent to peterb@chiark.greenend.org.uk (Peter Benie):
New Bug report received and forwarded. Copy sent to Daniel Jacobowitz <ncurses-maint@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: peterb@chiark.greenend.org.uk (Peter Benie)
To: submit@bugs.debian.org (Debian Bug Tracking System)
Subject: SEGV after screen resize when window size != screen size
Date: Thu, 21 Jun 2001 00:04:25 +0100
Package: libncurses5
Version: 5.0-6.0potato1
Severity: Important

(Bug also present in 5.2.20010318-2)

Summary:

If an application contains a window that isn't the full size of the
screen, and the screen is resized, then redrawwin for that window may
crash the application.

Detailed report:

I have a window which extends from line 2 (ie the third line) to the
bottom of the screen. The screen happens to be an xterm. When the
screen is resized so that it shrinks vertically, the application
crashes. In practice, it may take a few resize attempts to actually
crash since the bug is that freed memory continues to be used.

The cause is mainly to do with resizeterm(). The logic of the code is:

----
for each window (except pads), do
{
    Adjust existing window size for:
        windows which were off the bottom of the screen before the resize
        windows extending the full height of the screen (excl stolen lines)
        windows extending the full height of the screen (incl stolen lines)
        windows extending the full width of the scren
    Call wresize to perform the window size change
}
Update screen_lines, screen_columns, LINES and COLS
----

The screen size update happens *after* the window loop, so a window
that doesn't fit into one of the special cases never has its size
changed by resizeterm(). To be more precise, wresize() is called for
each window, but is passed the original window size.

The segv happens like this:

- curscr occupies the full height of the screen and so matches one of 
  the special cases. It is resized automatically.

- redrawwin is called by the application for a window that didn't 
  get correctly resized

- redrawwin calls wredrawln(w, 0, w->_maxy+1)

- wredrawln clears curscr->_line[i+win->_begy].text for i in [0..w->_maxy]

- The application crashes when i+win->_begy passes curscr->_maxy


I believe that at least one of the following is true:

 a) resizeterm() should resize my window since it extends beyond the 
    the new size of the screen, and my window has just had its backing
    store taken out from under it

 b) wredrawln() should only update areas of the window that have backing
    store, ie. there should be horizontal and vertical bounds checks
    for curscr.

Whether (a) or (b) is true depends on whether you believe that windows
larger than the screen are permitted. FWIW, I think they should be
allowed, hence I believe that (b) is true, however, I have no
experience of what other curses libraries do.

Peter Benie



Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Jacobowitz <ncurses-maint@debian.org>:
Bug#101699; Package libncurses5. Full text and rfc822 format available.

Acknowledgement sent to dickey@herndon4.his.com:
Extra info received and forwarded to list. Copy sent to Daniel Jacobowitz <ncurses-maint@debian.org>. Full text and rfc822 format available.

Message #10 received at 101699@bugs.debian.org (full text, mbox):

From: Thomas Dickey <dickey@herndon4.his.com>
To: Peter Benie <peterb@chiark.greenend.org.uk>, 101699@bugs.debian.org
Subject: Re: Bug#101699: SEGV after screen resize when window size != screen size
Date: Sat, 23 Jun 2001 19:21:42 -0400
This may be a duplicate of #87678 - could you verify that?

On Thu, Jun 21, 2001 at 12:04:25AM +0100, Peter Benie wrote:
> Package: libncurses5
> Version: 5.0-6.0potato1
> Severity: Important
> 
> (Bug also present in 5.2.20010318-2)
> 
> Summary:
> 
> If an application contains a window that isn't the full size of the
> screen, and the screen is resized, then redrawwin for that window may
> crash the application.
> 
> Detailed report:
> 
> I have a window which extends from line 2 (ie the third line) to the
> bottom of the screen. The screen happens to be an xterm. When the
> screen is resized so that it shrinks vertically, the application
> crashes. In practice, it may take a few resize attempts to actually
> crash since the bug is that freed memory continues to be used.
> 
> The cause is mainly to do with resizeterm(). The logic of the code is:
> 
> ----
> for each window (except pads), do
> {
>     Adjust existing window size for:
>         windows which were off the bottom of the screen before the resize
>         windows extending the full height of the screen (excl stolen lines)
>         windows extending the full height of the screen (incl stolen lines)
>         windows extending the full width of the scren
>     Call wresize to perform the window size change
> }
> Update screen_lines, screen_columns, LINES and COLS
> ----
> 
> The screen size update happens *after* the window loop, so a window
> that doesn't fit into one of the special cases never has its size
> changed by resizeterm(). To be more precise, wresize() is called for
> each window, but is passed the original window size.
> 
> The segv happens like this:
> 
> - curscr occupies the full height of the screen and so matches one of 
>   the special cases. It is resized automatically.
> 
> - redrawwin is called by the application for a window that didn't 
>   get correctly resized
> 
> - redrawwin calls wredrawln(w, 0, w->_maxy+1)
> 
> - wredrawln clears curscr->_line[i+win->_begy].text for i in [0..w->_maxy]
> 
> - The application crashes when i+win->_begy passes curscr->_maxy
> 
> 
> I believe that at least one of the following is true:
> 
>  a) resizeterm() should resize my window since it extends beyond the 
>     the new size of the screen, and my window has just had its backing
>     store taken out from under it
> 
>  b) wredrawln() should only update areas of the window that have backing
>     store, ie. there should be horizontal and vertical bounds checks
>     for curscr.
> 
> Whether (a) or (b) is true depends on whether you believe that windows
> larger than the screen are permitted. FWIW, I think they should be
> allowed, hence I believe that (b) is true, however, I have no
> experience of what other curses libraries do.
> 
> Peter Benie

-- 
Thomas E. Dickey <dickey@herndon4.his.com>
http://dickey.his.com
ftp://dickey.his.com



Information forwarded to debian-bugs-dist@lists.debian.org, Daniel Jacobowitz <ncurses-maint@debian.org>, ncurses@packages.qa.debian.org:
Bug#101699; Package libncurses5. Full text and rfc822 format available.

Acknowledgement sent to dickey@herndon4.his.com (Thomas Dickey):
Extra info received and forwarded to list. Copy sent to Daniel Jacobowitz <ncurses-maint@debian.org>, ncurses@packages.qa.debian.org. Full text and rfc822 format available.

Message #15 received at 101699@bugs.debian.org (full text, mbox):

From: dickey@herndon4.his.com (Thomas Dickey)
To: 101699@bugs.debian.org
Cc: dickey@herndon4.his.com (Thomas Dickey)
Subject: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=101699
Date: Tue, 20 May 2003 09:04:13 -0400
>                       Debian Bug report logs - #101699
>           SEGV after screen resize when window size != screen size

lacking further input, I'm treating this one as resolved by my changes late
in 2002 (recommend this be marked resolved).
-- 
Thomas E. Dickey <dickey@invisible-island.net>
http://invisible-island.net
ftp://invisible-island.net



Reply sent to Daniel Jacobowitz <dan@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to peterb@chiark.greenend.org.uk (Peter Benie):
Bug acknowledged by developer. Full text and rfc822 format available.

Message #20 received at 101699-done@bugs.debian.org (full text, mbox):

From: Daniel Jacobowitz <dan@debian.org>
To: Thomas Dickey <dickey@herndon4.his.com>, 101699-done@bugs.debian.org
Subject: Re: Bug#101699: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=101699
Date: Sun, 25 May 2003 12:15:32 -0400
Closing.

On Tue, May 20, 2003 at 09:04:13AM -0400, Thomas E. Dickey wrote:
> >                       Debian Bug report logs - #101699
> >           SEGV after screen resize when window size != screen size
> 
> lacking further input, I'm treating this one as resolved by my changes late
> in 2002 (recommend this be marked resolved).
> -- 
> Thomas E. Dickey <dickey@invisible-island.net>
> http://invisible-island.net
> ftp://invisible-island.net
> 
> 

-- 
Daniel Jacobowitz
MontaVista Software                         Debian GNU/Linux Developer



Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sun Apr 20 01:47:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.