[PATCH weston] terminal: Fix segmentation fault when processing DCH ANSI escape code

Bryce Harrington bryce at osg.samsung.com
Mon May 18 16:27:18 PDT 2015 

On Sun, May 17, 2015 at 07:21:24AM +0000, Aaron Hamilton wrote:
> Fixes a segmentation fault when terminal processes a DCH ansi escape code and the cursor is at the end of the row, and terminal_shift_line calls memmove on memory it doesn't own.
> ---

It looks like this also gets called for ICH codes, where it looks like d
isn't restricted to positive only values (afaict).  Will this cause any
weird behaviors in that case?

>  clients/terminal.c | 17 ++++++++++-------
>  1 file changed, 10 insertions(+), 7 deletions(-)
> 
> diff --git a/clients/terminal.c b/clients/terminal.c
> index d7345d3..fc9b7ae 100644
> --- a/clients/terminal.c
> +++ b/clients/terminal.c
> @@ -721,13 +721,16 @@ terminal_shift_line(struct terminal *terminal, int d)
> 
>  	if (d < 0) {
>  		d = 0 - d;
> -		memmove(&row[terminal->column],
> -		        &row[terminal->column + d],
> -			(terminal->width - terminal->column - d) * sizeof(union utf8_char));
> -		memmove(&attr_row[terminal->column], &attr_row[terminal->column + d],
> -		        (terminal->width - terminal->column - d) * sizeof(struct attr));
> -		memset(&row[terminal->width - d], 0, d * sizeof(union utf8_char));
> -		attr_init(&attr_row[terminal->width - d], terminal->curr_attr, d);
> +
> +		if(terminal->width - terminal->column) {
> +			memmove(&row[terminal->column],
> +				&row[terminal->column + d],
> +				(terminal->width - terminal->column - d) * sizeof(union utf8_char));
> +			memmove(&attr_row[terminal->column], &attr_row[terminal->column + d],
> +				(terminal->width - terminal->column - d) * sizeof(struct attr));
> +			memset(&row[terminal->width - d], 0, d * sizeof(union utf8_char));
> +			attr_init(&attr_row[terminal->width - d], terminal->curr_attr, d);
> +		}

Since d is not used subsequently in this function, why not combine the
above two if statements into an and clause.  Then the patch is just a
one-liner.

>  	} else {
>  		memmove(&row[terminal->column + d], &row[terminal->column],
>  			(terminal->width - terminal->column - d) * sizeof(union utf8_char));
> --
> 2.4.1
> _______________________________________________
> wayland-devel mailing list
> wayland-devel at lists.freedesktop.org
> http://lists.freedesktop.org/mailman/listinfo/wayland-devel

More information about the wayland-devel mailing list