RE: wget_wch problem
From: Thomas Dickey
Subject: RE: wget_wch problem
Date: Wed, 14 Jan 2004 14:37:54 -0500 (EST)

On Wed, 14 Jan 2004, Saravanan Bellan wrote:
> This is the stack trace when compiled with libncurses_g,
>
> (gdb) bt
> #0 0xff3516e4 in __mbrtowc_dense_gb18030 ()
> from /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
> #1 0x1da08 in wget_wch (win=0x6764c, result=0xffbef578)
> at ../ncurses/./widechar/lib_get_wch.c:85
> #2 0x135f0 in main (argc=1, argv=0xffbef5f4) at wget.c:21
My line-85 is a call to mbrlen (perhaps the debugger is different):

    buffer[count++] = UChar(value);
    memset(&state, 0, sizeof(state));
    status = mbrlen(buffer, count, &state);    <<== 85
    if (status >= 0) {
        memset(&state, 0, sizeof(state));
        if ((int) mbrtowc(&wch, buffer, count, &state) != status) {
            code = ERR; /* the two calls should match */
        }
        value = wch;
        break;
    }

If you did (from gdb) an "up" and "print count", that would help answer
the question of whether it is a buffer overflow. That is, if count is more
than 100 (145 on this machine, but guessing), it indicates that the
function has looped a few times and may run out of space.
> This is with Sun's locale support.
I don't think I can test that directly. I have that locale installed on
my Linux box, but (not knowing what I'm looking for) do not seem to be
able to break it there (valgrind reports from errors within glibc,
but none in the ncurses test program).
>
> -----Original Message-----
> From: Thomas Dickey
> To: Saravanan Bellan
> Cc: 'address@hidden'
> Sent: 1/14/2004 5:55 AM
> Subject: Re: wget_wch problem
>
> On Wed, 14 Jan 2004, Saravanan Bellan wrote:
>
> > When running the following program on Solaris 8 with
> > ncurses(ncurses-5.3-20031004-patch) and zh_CN.GB18030 I get a seg fault at
> > wget_wch (stack trace below)
>
> perhaps linking against libncurses_g would give more information.
> Is this with Sun's locale support, or using libiconv?
> I may be able to test the latter on Linux.
>
> Reading the code, I suspect a buffer overflow - since the buffer
> into which mbrtowc writes is fixed (I should alter that).
>
> > It works fine for any other locale.
> >
> > Any ideas.
> >
> > #include <signal.h>
> > #include <locale.h>
> > #include <curses.h>
> > #include <errno.h>
> > #include <stddef.h>
> >
> > main(int argc, char ** argv) {
> >     WINDOW *win;
> >     wint_t in_wc;
> >     int ret_c;
> >
> >     initscr(); nonl(); noecho(); raw(); erase(); refresh();
> >
> >     setlocale(LC_ALL, "");
> >
> >     win = newwin(20, 60, 0, 0);
> >
> >     clearok(win, 1); touchwin(win); wrefresh(win);
> >     do {
> >         errno = 0;
> >         ret_c = wget_wch(win, &in_wc);
> >     } while ((ret_c == ERR) && (errno == EINTR));
> >     noraw();
> >     endwin();
> > }
> >
> > The back trace from gdb,
> >
> > Program terminated with signal 11, Segmentation Fault.
> > Loaded symbols for /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
> > (gdb) bt
> > #0 0xff3516e4 in __mbrtowc_dense_gb18030 ()
> > from /usr/lib/locale/zh_CN.GB18030/methods_zh_CN.GB18030.so.2
> > #1 0x1d718 in wget_wch ()
> > #2 0x12e58 in main (argc=1, argv=0xffbef62c) at wget.c:21
> >
> >
> > Thanks,
> > -Sarva
>
> --
> Thomas E. Dickey
> http://invisible-island.net
> ftp://invisible-island.net
>
--
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
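
A bounded version of the byte-accumulation loop discussed in this message, as an added example; it is not ncurses code and not from either poster. The names collect_wchar, len_probe and never_complete, the MB_LEN_MAX buffer size and the 0x81 input bytes are assumptions made for illustration; the stub stands in for a locale converter that keeps reporting an incomplete sequence.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define ACC_OK 0
#define ACC_ERR (-1)

/* Hypothetical probe type; mbrlen() has this signature. */
typedef size_t (*len_probe)(const char *, size_t, mbstate_t *);

/* Collect bytes from src until they form one multibyte character.
 * ACC_ERR: invalid bytes, input ended early, or buffer would overflow. */
int collect_wchar(const unsigned char *src, size_t srclen, len_probe probe,
                  wchar_t *out, size_t *used)
{
    char buffer[MB_LEN_MAX];    /* assumption: longest legal sequence */
    size_t count = 0, i = 0, status;
    mbstate_t state;

    for (*used = 0; i < srclen; *used = count) {
        if (count >= sizeof(buffer))
            return ACC_ERR;     /* bound check before the store */
        buffer[count++] = (char) src[i++];
        memset(&state, 0, sizeof(state));
        status = probe(buffer, count, &state);
        if (status == (size_t) -1)
            return ACC_ERR;     /* invalid sequence */
        if (status == (size_t) -2)
            continue;           /* incomplete: fetch another byte */
        memset(&state, 0, sizeof(state));
        *used = count;
        return mbrtowc(out, buffer, count, &state) == status ? ACC_OK : ACC_ERR;
    }
    return ACC_ERR;             /* input ended mid-character */
}

/* Constructed stub standing in for a converter that never completes. */
size_t never_complete(const char *s, size_t n, mbstate_t *ps)
{
    (void) s; (void) n; (void) ps;
    return (size_t) -2;
}

int main(void)
{
    unsigned char junk[64];     /* constructed input, not real GB18030 */
    wchar_t wc = 0;
    size_t used = 0;
    memset(junk, 0x81, sizeof(junk));
    int rc = collect_wchar(junk, sizeof(junk), never_complete, &wc, &used);
    printf("rc=%d after %zu bytes (limit %d)\n", rc, used, MB_LEN_MAX);
    return 0;
}
```

The incomplete and invalid cases are tested against (size_t)-2 and (size_t)-1 because mbrlen returns an unsigned size_t.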