Subject: lib/26404: curses getcap(3) causes segfault
To: None <gnats-bugs@gnats.NetBSD.org>
From: None <Peter.Bex@student.kun.nl>
List: netbsd-bugs
Date: 07/22/2004 12:35:45
>Number: 26404
>Category: lib
>Synopsis: curses getcap(3) causes segfault
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: lib-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Thu Jul 22 11:56:00 UTC 2004
>Closed-Date:
>Last-Modified:
>Originator: Peter Bex
>Release: NetBSD 2.0_BETA
>Organization:
>Environment:
System: NetBSD frohike.nvie.com 2.0_BETA NetBSD 2.0_BETA (FROHIKE) #1: Tue Jul 6 14:42:10 CEST 2004 sjamaan@frohike.nvie.com:/usr/src/sys/arch/i386/compile/FROHIKE i386
Architecture: i386
Machine: i386
>Description:
Even if used properly, getcap(3) causes a segmentation fault.
This occurs because even though _cursesi_setterm checks for problems
with t_getent (using the local `unknown' variable), getcap ignores
any problems.
>How-To-Repeat:
The following code causes a segfault (with TERM="xterm").
---------------------------
#include <stdio.h>
#include <wchar.h>
#include <curses.h>

int
main(void)
{
	char *cap;

	if (initscr() == NULL)
		printf("FATAL: initscr failed!\n");
	cap = getcap("bs");
	endwin();
	return 0;
}
---------------------------
>Fix:
Check for NULL in _cursesi_genbuf. t_getent will set the passed buffer
pointer to NULL if an error occurred. This buffer is _cursesi_genbuf.
Index: setterm.c
===================================================================
RCS file: /cvsroot/src/lib/libcurses/setterm.c,v
retrieving revision 1.38
diff -u -r1.38 setterm.c
--- setterm.c 21 Oct 2003 00:30:05 -0000 1.38
+++ setterm.c 22 Jul 2004 10:31:50 -0000
@@ -418,6 +418,9 @@
char *
getcap(char *name)
{
+ if (_cursesi_genbuf == NULL)
+ return NULL;
+
return (t_agetstr(_cursesi_genbuf, name));
}
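Review bot: the new guard at the top of getcap() returns NULL silently, with no comment explaining when _cursesi_genbuf can be NULL, and the diff touches only setterm.c, so the getcap(3) manual page does not mention the new return path. Suggest a one-line comment above the check stating that the buffer is NULL when t_getent reported an error, and documenting NULL as a possible return value so callers know to test for it before using the result. Style: the added `return NULL;` is unparenthesized while the existing line in the same function is `return (t_agetstr(_cursesi_genbuf, name));`, so `return (NULL);` would match the surrounding code.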
>Release-Note:
>Audit-Trail:
>Unformatted: